amazon web services - trouble with AWS SWF using IAM roles -
i've noticed on aws if iam role credentials (key, secret, token) , set them appropriate environment variables in python script, able create , utilize swf layer1 objects fine. however, looks layer2 objects not work. example, if have boto , os imported, , do:
test = boto.swf.layer2.activityworker() test.domain = 'somedomain' test.task_list = 'sometasklist' test.poll() i exception security token not valid, , indeed, if dig through object, security token not set. happens with:
test = boto.swf.layer2.activityworker(session_token=os.environ.get('aws_security_token')) i can prepare doing:
test._swf.provider.security_token = os.environ.get('aws_security_token') test.poll() but seems pretty hacky , annoying because have every time create new layer2 object. else noticed this? behavior intended reason, or missing here?
manual management of temporary security credentials not "pretty hacky", less secure. improve alternative assign iam role instances, automatically have permissions of role without requiring explicit credentials.
see: http://docs.aws.amazon.com/awsec2/latest/userguide/iam-roles-for-amazon-ec2.html
amazon-web-services flash credentials amazon-iam
No comments:
Post a Comment