aws-vault icon indicating copy to clipboard operation
aws-vault copied to clipboard

Published 20 hours ago verified publisher icon 99designs

ECS Server URI needs to include the `get-credentials` path to support AWS SDK Libraries

Open jedschneider opened this issue 1 year ago • 0 comments

  • [x] I am using the latest release of AWS Vault
  • [ ] I have provided my .aws/config (redacted if necessary)
  • [ ] I have provided the debug output using aws-vault --debug (redacted if necessary)

Problem

When using the Ruby SDK, the ECS credential server is not being picked up by default, even though the AWS_CONTAINER_CREDENTIALS_FULL_URI is supported by the Ruby SDK (see the :endpoint option).

The ECS credentials are picked up if we override the existing env var:

% export AWS_CONTAINER_CREDENTIALS_FULL_URI=http://127.0.0.1:<port>/get-credentials
% irb
irb(main):001:0> require 'aws-sdk-core'
=> true
irb(main):002:0> client = Aws::STS::Client.new
=> #<Aws::STS::Client>
irb(main):003:0> client.get_caller_identity
=>
#<struct Aws::STS::Types::GetCallerIdentityResponse <redacted>>

AWS Vault Version

7.2.0-Homebrew

jedschneider avatar Nov 08 '23 16:11 jedschneider