Using AWS temporary security credentials with bosh?


Dmitriy Kalinin
 

You have to use bosh-init to get this feature working.

Sent from my iPhone

On Oct 1, 2015, at 1:11 PM, Satya Thokachichu <tsnraju(a)yahoo.com> wrote:

bosh deployment work like a gem with IAM instance profiles...Having trouble with microbosh deployment..Please advise.


Satya Thokachichu
 

bosh deployment work like a gem with IAM instance profiles...Having trouble with microbosh deployment..Please advise.


Satya Thokachichu
 

Awsome..Thanks..Will try it today..I also have microbosh in my setup..Guess,I still need to pass AWS credentials to deploy microbosh..


Dmitriy Kalinin
 

We have made IAM instance profile support available in latest
bosh-aws-cpi-release. See
https://bosh.io/docs/aws-iam-instance-profiles.html on how to use it.

On Sat, Sep 26, 2015 at 5:57 AM, Tom Sherrod <tom.sherrod(a)gmail.com> wrote:

Still very interested in getting this working.
I hope the hiccups pass soon!

Tom

On Fri, Sep 25, 2015 at 1:57 AM, Dmitriy Kalinin <dkalinin(a)pivotal.io>
wrote:

We had a hiccup in our CI pipeline regarding this feature. Will update as
soon we have it.

Sent from my iPhone

On Sep 19, 2015, at 4:48 AM, Tom Sherrod <tom.sherrod(a)gmail.com> wrote:

Hi,

How can AWS temporary security credentials be used with bosh in place
of the access_key_id and secret_access_key? Reviewing manifests and
documentation, I find no mention of aws_session_token. How would bosh
refresh the token? Does an IAM role on the instance make it work?
I'm just diving into the AWS identity and access area. A kickstart in
the right direction, much appreciated.

(I've successfully deployed bosh/cf in an AWS regular account. I am now
switching to a federated and temporary security creds environment.)


Tom Sherrod <tom.sherrod@...>
 

Still very interested in getting this working.
I hope the hiccups pass soon!

Tom

On Fri, Sep 25, 2015 at 1:57 AM, Dmitriy Kalinin <dkalinin(a)pivotal.io>
wrote:

We had a hiccup in our CI pipeline regarding this feature. Will update as
soon we have it.

Sent from my iPhone

On Sep 19, 2015, at 4:48 AM, Tom Sherrod <tom.sherrod(a)gmail.com> wrote:

Hi,

How can AWS temporary security credentials be used with bosh in place of
the access_key_id and secret_access_key? Reviewing manifests and
documentation, I find no mention of aws_session_token. How would bosh
refresh the token? Does an IAM role on the instance make it work?
I'm just diving into the AWS identity and access area. A kickstart in
the right direction, much appreciated.

(I've successfully deployed bosh/cf in an AWS regular account. I am now
switching to a federated and temporary security creds environment.)


Dmitriy Kalinin
 

We had a hiccup in our CI pipeline regarding this feature. Will update as soon we have it.

Sent from my iPhone

On Sep 19, 2015, at 4:48 AM, Tom Sherrod <tom.sherrod(a)gmail.com> wrote:

Hi,

How can AWS temporary security credentials be used with bosh in place of the access_key_id and secret_access_key? Reviewing manifests and documentation, I find no mention of aws_session_token. How would bosh refresh the token? Does an IAM role on the instance make it work?
I'm just diving into the AWS identity and access area. A kickstart in the right direction, much appreciated.

(I've successfully deployed bosh/cf in an AWS regular account. I am now switching to a federated and temporary security creds environment.)


Satya Thokachichu
 

Any update on this?


Dmitriy Kalinin
 

There was a change recently merged in and is going through the CI which adds support for IAM instance profiles. This allows CPI to retrieve credentials automatically when necessary. I'll update this thread when it's available to use (next week I believe).

Sent from my iPhone

On Sep 19, 2015, at 4:48 AM, Tom Sherrod <tom.sherrod(a)gmail.com> wrote:

Hi,

How can AWS temporary security credentials be used with bosh in place of the access_key_id and secret_access_key? Reviewing manifests and documentation, I find no mention of aws_session_token. How would bosh refresh the token? Does an IAM role on the instance make it work?
I'm just diving into the AWS identity and access area. A kickstart in the right direction, much appreciated.

(I've successfully deployed bosh/cf in an AWS regular account. I am now switching to a federated and temporary security creds environment.)


Tom Sherrod <tom.sherrod@...>
 

Hi,

How can AWS temporary security credentials be used with bosh in place of the access_key_id and secret_access_key? Reviewing manifests and documentation, I find no mention of aws_session_token. How would bosh refresh the token? Does an IAM role on the instance make it work?
I'm just diving into the AWS identity and access area. A kickstart in the right direction, much appreciated.

(I've successfully deployed bosh/cf in an AWS regular account. I am now switching to a federated and temporary security creds environment.)