aws-toolkit-eclipse icon indicating copy to clipboard operation
aws-toolkit-eclipse copied to clipboard

Published 20 hours ago verified publisher icon aws

Authentication

Open Mutley5000 opened this issue 8 years ago • 4 comments

Hi,

It seems that AWS Toolkit for Eclipse only uses IAM credentials for authentication. Would it be possible to allow it use to instance profiles for authentication? This would be handy for when you're doing your development work on an EC2 instance as I am.

Kind regards, Braydon

Mutley5000 avatar Aug 11 '17 05:08 Mutley5000

Hey @Mutley5000,

Thanks for the callout. Can you explain in detail what your use case is about?

The Toolkit credentials is used for managing your AWS resources and performing actions to AWS on behalf of you. As for the code itself in the IDE, you should be able to use the AWSCredentialsProviderChain for dynamically loading your credentials based on the environment your program is running in.

In Java SDK, the client is initialized with the DefaultAWSCredentialsProviderChain in which it looks into different providers for the credentials. Therefore, if your program is running in your local machine, it uses your default profile for most of the case, but in EC2 instance, it falls back to the EC2 Container credentials provider as you don't want to put a profile file in that machine. Does that answer your question?

zhangzhx avatar Aug 11 '17 17:08 zhangzhx

Hi @zhangzhx,

I'll explain a little more in detail what I mean.

I have an EC2 instance with an instance profile attached. This profile has a policy that allows access to one of my S3 buckets. I can use the CLI to access that bucket with the credentials received from the IAM role. On this same EC2 instance I have Eclipse installed with AWS Toolkit for Eclipse. Whenever I try to interact with AWS via Upload Function to AWS Lambda for example, Eclipse throws an error stating "Failed to load IAM roles.". It also creates the credentials file under %USERPROFILE%/.aws/credentials with no keys. Eclipse doesn't seem to be able to use credentials from the IAM role provided by the instance profile as the CLI can and reverts to using the credentials file.

I hope that explains the situation better.

Kind regards, Braydon

Mutley5000 avatar Aug 14 '17 00:08 Mutley5000

Ah, I got your point. So you are running Eclipse IN the EC2 instance.

That's a good feature request then to allow AWS Toolkit for Eclipse to provide a Credentials provider chain. I'll talk about this with my team and add this to our backlog. I will let you know once this is released.

zhangzhx avatar Aug 14 '17 16:08 zhangzhx

The Credentials Provider Chain has another advantage, use environment variables to store credentials. This will allow toolkit to integrate with other credentials management softwares as aws-vault.

fams avatar Jul 12 '18 15:07 fams