Aws iam authentication for jobs

Antse · April 5, 2023, 9:29am

How can we assign identities to jobs when we want to deal with aws services .

example:

I’m running a ruby app, I would like to avoid using AK/SK to authenticate on AWS, I would like to use roles.

My nomad cluster running on ec2, is there a way to assign a particular role to a job such as this kind of Kubernetes annotations : Annotations: eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/my-role ?

m1ke · April 28, 2023, 6:02am

Closest project I know of that can allow something like that is GitHub - jippi/go-metadataproxy: A proxy for AWS's metadata service that gives out scoped IAM credentials from STS
But I never used it and not sure what is the status of its maintenance.

macmiranda · April 28, 2023, 7:23pm

If Nomad is using the Vault integration, you can also lease AWS credentials on demand, in your template stanza.

Topic		Replies	Views
AWS Auth Backend Client on Kubernetes Vault	2	254	January 15, 2021
Creating aws role returns 403 unauthorized to perform iam:GetRole Vault	0	241	March 13, 2024
Cross-Account KMS? Boundary	10	2247	August 19, 2021
AWS auth method - How to use the vault CLI with IAM role? Vault	1	3869	April 3, 2020
Issue with vault aws iam authentification Vault	2	1100	June 17, 2021

Aws iam authentication for jobs

Related topics