Aws iam authentication for jobs

Antse · April 5, 2023, 9:29am

How can we assign identities to jobs when we want to deal with aws services .

example:

I’m running a ruby app, I would like to avoid using AK/SK to authenticate on AWS, I would like to use roles.

My nomad cluster running on ec2, is there a way to assign a particular role to a job such as this kind of Kubernetes annotations : Annotations: eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/my-role ?

m1ke · April 28, 2023, 6:02am

Closest project I know of that can allow something like that is GitHub - jippi/go-metadataproxy: A proxy for AWS's metadata service that gives out scoped IAM credentials from STS
But I never used it and not sure what is the status of its maintenance.

macmiranda · April 28, 2023, 7:23pm

If Nomad is using the Vault integration, you can also lease AWS credentials on demand, in your template stanza.