Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support for AWS Instance Profiles #245

Open
peterb154 opened this issue Nov 11, 2023 · 4 comments
Open

support for AWS Instance Profiles #245

peterb154 opened this issue Nov 11, 2023 · 4 comments
Assignees
@rkusa
Labels
enhancement New feature or request help wanted Extra attention is needed wontfix This will not be worked on

Comments

@peterb154
Copy link

peterb154 commented Nov 11, 2023
edited

When a DCS server is hosted in AWS, it is possible to attach an IAM Instance Profile (a IAM role) to the EC2 instance, That role can be granted permissions to do things in AWS. This allows AWS SDK calls to be made without specifying credentials in code/configs.

What happens behind the scenes is that the AWS SDK client uses the the EC2 Instance Metadata Service to pull in temporary creds for the session. In that case, you don't need to put IAM Access keys into the AWS SDK client. See https://docs.aws.amazon.com/sdk-for-rust/latest/dg/credentials.html

In the DCS-gRPC aws.rs code, it looks like we ALWAYS expect AWS credentials to be present.
https://github.com/DCS-gRPC/rust-server/blob/e91b9064f91277abd875b90f0562cd300647c6c1/tts/src/aws.rs#L7C12-L15
image

This is unnecessary in cases where the DCS server is hosted in AWS and actually less secure.

This issue is a request to allow the AWS tts service to use credentials discovered by sdk client.
@peterb154
Copy link
Author

peterb154 commented Nov 11, 2023
edited

Adding to this, the tts.provider.aws.secret value can easily contain an escape sequence like \n. Might want to warn users about this in the readme.

Also would be helpful to let them know that they can use the "AmazonPollyReadOnlyAccess" managed policy to synthesize speech.

@rurounijones rurounijones added the enhancement New feature or request label Dec 6, 2023
@rurounijones
Copy link
Contributor

rurounijones commented Jan 31, 2024
edited

I think, realistically, that this feature request is niche enough (servers running on AWS) that support for this would need to be contributed by someone as rkusa, our Rust expert, has limited time to work on things.

@rurounijones rurounijones added help wanted Extra attention is needed wontfix This will not be worked on labels Jan 31, 2024
@peterb154
Copy link
Author

peterb154 commented Feb 1, 2024 via email

@rurounijones
Copy link
Contributor

Maybe we can leave the issue open as a low priority feature request for someone (maybe me someday) who wants to contribute?

Yeah, that is fine, I am not fussed about having "old" tickets open.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rkusa rkusa

Labels
enhancement New feature or request help wanted Extra attention is needed wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rurounijones @rkusa @peterb154