
Add AWS EC2 auth method to the collection

Open mechastorm opened this issue 2 years ago • 1 comment

SUMMARY

Official support for the ec2 auth method to generate a Vault Token

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

community.hashi_vault.vault_login

ADDITIONAL INFORMATION

From what I can understand from the documentation for this module, it does not support using the native EC2 IMDS signature to log in. Please correct me if I have misunderstood this.

This auth method is useful for running on EC2 servers and would ensure the vault_login covers it. For now the workaround is doing manual Ansible uri calls for the Signature and either using the direct Vault Endpoint or Vault Agent / CLI to get a valid vault token.

mechastorm avatar Apr 29 '23 21:04 mechastorm
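The workaround the issue describes, written out as an added example (this is not code from the issue or from the community.hashi_vault collection). It uses `ansible.builtin.uri` three times: once for an IMDSv2 session token, once for the PKCS7 instance-identity signature, and once to POST that signature to Vault's AWS auth backend. The Vault address, the mount path `aws` and the role name `ec2-role` are assumed placeholders.

```yaml
# Added example, not from the issue or the collection.
# Assumed: Vault at vault.example.com:8200, AWS auth mounted at "aws",
# an EC2 role named "ec2-role" already configured on that mount.
- name: Log in to Vault with the EC2 auth method via the IMDS signature
  hosts: localhost
  gather_facts: false
  vars:
    vault_addr: "https://vault.example.com:8200"   # assumed
    vault_aws_mount: aws                           # assumed (default mount)
    vault_ec2_role: ec2-role                       # assumed role name
  tasks:
    # IMDSv2 requires a session token; the IMDSv1 GET without it is often disabled.
    - name: Get an IMDSv2 session token
      ansible.builtin.uri:
        url: http://169.254.169.254/latest/api/token
        method: PUT
        headers:
          X-aws-ec2-metadata-token-ttl-seconds: "60"
        return_content: true
      register: imds_token

    # The PKCS7 document is the instance identity signed by AWS; Vault verifies it
    # against the AWS public certificate, so it is never a secret but it is the proof.
    - name: Fetch the PKCS7 instance identity signature
      ansible.builtin.uri:
        url: http://169.254.169.254/latest/dynamic/instance-identity/pkcs7
        headers:
          X-aws-ec2-metadata-token: "{{ imds_token.content }}"
        return_content: true
      register: pkcs7

    # Vault wants the signature as a single line. No nonce is sent here: on the
    # first login Vault generates one and returns it in auth.metadata.nonce, and
    # every later login from this instance must send that same nonce back
    # (unless the role sets disallow_reauthentication).
    - name: Exchange the signature for a Vault token
      ansible.builtin.uri:
        url: "{{ vault_addr }}/v1/auth/{{ vault_aws_mount }}/login"
        method: POST
        body_format: json
        body:
          role: "{{ vault_ec2_role }}"
          pkcs7: '{{ pkcs7.content | replace("\n", "") }}'
        status_code: 200
      register: vault_login
      no_log: true   # the response carries the client token

    - name: Keep the token (and the nonce needed for re-login) for later tasks
      ansible.builtin.set_fact:
        vault_token: "{{ vault_login.json.auth.client_token }}"
        vault_ec2_nonce: "{{ vault_login.json.auth.metadata.nonce | default(omit) }}"
      no_log: true
```

The `no_log: true` on the login and `set_fact` tasks matters: without it the full JSON response, including the client token, lands in the Ansible log. If the playbook is run more than once on the same instance, persist `vault_ec2_nonce` somewhere on the host and send it as `nonce` in the login body, otherwise the second login is rejected with a nonce mismatch.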

Hi @mechastorm , you are correct that we don't currently support this auth method in the collection. We do support AWS IAM authentication, and IAM auth in Vault can be set to use EC2 inferencing (with some caveats, see the same documentation page you linked). HashiCorp also recommends using IAM auth rather than EC2 auth in most cases, so that might be something to consider.

That being said, it's a perfectly valid feature request.

I don't have any plans to implement it myself, but would welcome a PR to add the functionality.

If you're interested in adding this yourself we have a Contributor guide that can help you get started. Don't hesitate to ask any additional questions as needed.

briantist avatar Apr 30 '23 01:04 briantist
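The alternative the maintainer points at, as an added example that is not part of the reply or the collection's own documentation: `community.hashi_vault.vault_login` with `auth_method: aws_iam`, letting the module sign the STS `GetCallerIdentity` request with the instance profile's credentials (via boto3). The Vault address and the role name `ec2-iam-role` are assumed; the Vault role on the `aws` mount would need its `bound_iam_principal_arn` to match the instance's role, and EC2 inferencing is a role-side setting, not something the module controls.

```yaml
# Added example, not from the thread or the collection. Assumed: Vault at
# vault.example.com:8200, AWS auth mounted at "aws", a Vault role "ec2-iam-role"
# bound to the IAM role attached to this instance's profile. boto3/botocore
# must be installed on the host so the module can pick up instance credentials.
- name: Log in to Vault with the AWS IAM auth method from an EC2 instance
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Obtain a Vault token with aws_iam auth
      community.hashi_vault.vault_login:
        url: "https://vault.example.com:8200"   # assumed
        auth_method: aws_iam
        role_id: ec2-iam-role                   # assumed Vault role name
        mount_point: aws                        # assumed (default mount)
      register: login
      no_log: true   # return value contains the client token

    - name: Use the token in later tasks
      ansible.builtin.set_fact:
        vault_token: "{{ login.login.auth.client_token }}"
      no_log: true
```

No credentials appear in the playbook: with no `aws_access_key`/`aws_secret_key` given, the module falls back to the standard AWS credential chain, which on EC2 ends at the instance profile. That is the practical reason IAM auth is usually preferred over EC2 auth here: there is no PKCS7 document to shuttle around and no nonce to persist between runs.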