aws-sdk-rust icon indicating copy to clipboard operation
aws-sdk-rust copied to clipboard

Published 20 hours ago verified publisher icon awslabs

AWS SDK for Rust doesn't take into account kube2iam authentication

Open anatoli-iliev opened this issue 1 year ago • 1 comments
trafficstars

Describe the feature

We host our functionality in a custom running Kubernetes cluster. For each pod we deploy, we annotate it with the AWS role arn that it needs to be authenticated with. Once we run the pod and execute commands using AWS CLI (such copy files to S3) it works just fine. Unfortunately using the Rust AWS SDK we cannot perform any AWS operations as it expects we to have access_key and secret_key either in credentials file or in env variable. The kube2iam mechanism is not exporting all that and it stays behind the curtains.

AWS SDK for Java supports this out of the box.

Use Case

We are working with a custom Kubernetes provider we have. Our resources within this k8s provider communicate and utilize various AWS services (S3, SQS, etc). So in order for our applications deployed in k8s to authenticate and use the AWS resources we are using kube2iam communication. We annotate our pods with certain specific AWS roles and the AWS SDK for Java works the authentication out of the box. Unfortunately that is not the case with the AWS SDK for Rust. It seems that it expect we to pass aws key id and secret to it either in profile or in env variables in order to work.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • [ ] I may be able to implement this feature request
  • [ ] This feature might incur a breaking change

A note for the community

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue, please leave a comment

anatoli-iliev avatar Apr 26 '24 07:04 anatoli-iliev

Hey @anatoli-iliev, thanks for submitting this issue. I'm guessing that this is an issue caused by IMDS v1 vs IMDS v2. We only support IMDS v2. Does kube2iam work with any of the newer SDKs like the Kotlin SDK?

Velfi avatar Apr 26 '24 17:04 Velfi

Greetings! It looks like this issue hasn’t been active in longer than a week. We encourage you to check if this is still an issue in the latest release. Because it has been longer than a week since the last update on this, and in the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or add an upvote to prevent automatic closure, or if the issue is already closed, please feel free to open a new one.

github-actions[bot] avatar May 06 '24 18:05 github-actions[bot]