AWS IAM authentication for jobs

How can we assign identities to jobs when we want to deal with AWS services?

Example:

I’m running a Ruby app. I would like to avoid using AK/SK to authenticate on AWS; I would like to use roles.

My Nomad cluster is running on EC2. Is there a way to assign a particular role to a job, such as with this kind of Kubernetes annotation: Annotations: eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/my-role ?


The closest project I know of that can allow something like that is GitHub - jippi/go-metadataproxy: A proxy for AWS's metadata service that gives out scoped IAM credentials from STS.
But I have never used it and am not sure what the status of its maintenance is.

If Nomad is using the Vault integration, you can also lease AWS credentials on demand, in your template stanza.
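
The Vault approach mentioned in the last reply, sketched as a Nomad job (an added example, not part of the original thread and not code from any poster). It assumes Vault's AWS secrets engine is mounted at `aws/` with a role named `ruby-app` that issues STS credentials, and a Vault policy `ruby-app-aws` that allows reading `aws/creds/ruby-app`; the job name, image, role and policy names are hypothetical.

```hcl
# Hypothetical job: names, image and Vault paths are assumptions for illustration.
job "ruby-app" {
  datacenters = ["dc1"]

  group "app" {
    task "app" {
      driver = "docker"

      config {
        image = "example/ruby-app:latest" # placeholder image
      }

      # Nomad requests a Vault token for this task, limited to the listed
      # policy. The policy only needs:
      #   path "aws/creds/ruby-app" { capabilities = ["read"] }
      vault {
        policies = ["ruby-app-aws"]
      }

      # The template leases short-lived AWS credentials from Vault and exposes
      # them as environment variables that the AWS SDK for Ruby reads by
      # default. No long-lived AK/SK is stored in the job or the image.
      template {
        destination = "secrets/aws.env" # task secrets directory
        env         = true
        change_mode = "restart" # restart the task when Vault issues new credentials
        data        = <<EOT
{{ with secret "aws/creds/ruby-app" }}
AWS_ACCESS_KEY_ID={{ .Data.access_key }}
AWS_SECRET_ACCESS_KEY={{ .Data.secret_key }}
AWS_SESSION_TOKEN={{ .Data.security_token }}
{{ end }}
EOT
      }
    }
  }
}
```

The IAM role behind the Vault role should carry only the permissions this job needs, since every allocation of the job receives credentials for it.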