hologram
hologram copied to clipboard
AdRoll
Multiple simultaneous credentials
If I visit http://169.254.169.254/latest/meta-data/iam/security-credentials/, I see hologram-access in there with the usual credentials in it.
Note that although Amazon does not currently support multiple simultaneous roles, the URL scheme was clearly set up to allow for it.
I'm wondering (assuming that it doesn't break aws-cli, boto, and other major tools) if we could possibly allow a particular hologram agent to serve up multiple credential sets simultaneously, for APIs that are aware of it. In practice, this would just lead to there being multiple entries under security-credentials. If it does end up breaking existing APIs, we could also add a custom "revision" to the top level.
My use case is writing handy developer tools that know about Hologram and wants simultaneous access to multiple AWS accounts/roles. For example, I would like a simple cost-monitoring widget in my menubar that can talk to a particular Amazon account/role regardless of my current Hologram role.
https://github.com/boto/boto/blob/bbbf9d248856db997080f51805575f0634da4090/boto/provider.py#L379 details how at least that works, and most things are based off of how boto does it. Looks like your idea should be fine, although I'll be interested in how the CLI and other tools interact with having multiple Hologram roles active. :+1:
Yeah. It might still be good hygiene to use a new top-level revision for other implementations that aren't so graceful when they find unexpected information.