
feature request: support instance identity when running in the cloud provider instances

Open slimm609 opened this issue 3 years ago • 3 comments

AWS, GCP and Azure all support instance metadata and instance profiles

AWS - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
GCP - https://cloud.google.com/appengine/docs/standard/java/accessing-instance-metadata
Azure - https://docs.microsoft.com/en-us/azure/virtual-machines/linux/instance-metadata-service?tabs=linux#managed-identity

Each type of metadata can be used to automatically identify and configure the authentication if configured on the instance.

The AWS SDK has support for instance profile automatically and I believe GCP and Azure have similar. This would automatically configure the cloud provider when deployed onto a cloud instance with the proper host configuration, making it much easier to handle authentication and provide additional security from short-lived credentials that are provided from these features.

slimm609 avatar Jan 18 '22 13:01 slimm609

Thanks @slimm609 for the feature request. Note that we already support the use of instance profile for AWS. I'll look into similar support for GCP and Azure.

Thanks, ..... Amol

apatil-uptycs avatar Jan 18 '22 13:01 apatil-uptycs

Awesome. Thanks! Does it automatically detect the instance profile or do you need to provide a config telling it to use it?

slimm609 avatar Jan 18 '22 13:01 slimm609

If you don't provide ProfileName and RoleArn, we use instance profile for SDK authentication. Relevant code is here: https://github.com/Uptycs/cloudquery/blob/master/extension/aws/utils.go Hope that helps.

Thanks, ..... Amol

apatil-uptycs avatar Jan 18 '22 13:01 apatil-uptycs
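
The fallback rule described in the last reply, as an added example that is not part of the thread and is not cloudquery's own code: it audits a list of account entries and reports which credential source each would resolve to. The `ID` field, the JSON key names, the source labels and the ProfileName-before-RoleArn order are assumptions; the sample input is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Account holds the two fields named in the thread plus an ID. The JSON keys
// (matched case-insensitively) and the ID field are assumptions of this example.
type Account struct{ ID, ProfileName, RoleArn string }

const (
	SourceProfile         = "named-profile"
	SourceAssumeRole      = "assume-role"
	SourceInstanceProfile = "instance-profile"
)

// CredentialSource applies the thread's rule: neither field set means the
// instance profile. ProfileName-before-RoleArn order is an assumption here.
func CredentialSource(a Account) string {
	if a.ProfileName != "" {
		return SourceProfile
	}
	if a.RoleArn != "" {
		return SourceAssumeRole
	}
	return SourceInstanceProfile
}

// AuditConfig maps each account ID in a JSON account list to its credential
// source, so entries relying on ambient instance credentials are visible.
func AuditConfig(raw []byte) (map[string]string, error) {
	var accounts []Account
	if err := json.Unmarshal(raw, &accounts); err != nil {
		return nil, fmt.Errorf("parse accounts: %w", err)
	}
	report := make(map[string]string, len(accounts))
	for _, a := range accounts {
		report[a.ID] = CredentialSource(a)
	}
	return report, nil
}

// Constructed sample input, not taken from a real deployment.
const sampleConfig = `[{"id":"111111111111","profileName":"audit"},
 {"id":"222222222222","roleArn":"arn:aws:iam::222222222222:role/example-readonly"},
 {"id":"333333333333"}]`

func main() { fmt.Println(AuditConfig([]byte(sampleConfig))) }
```
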