Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve AWS authentication experience V1 #3803

Closed
mikejholly opened this issue Feb 12, 2024 · 0 comments
Closed

Improve AWS authentication experience V1 #3803

mikejholly opened this issue Feb 12, 2024 · 0 comments
Labels
type:proposal A proposal for a new feature

Comments

@mikejholly
Copy link
Contributor

mikejholly commented Feb 12, 2024
edited

As an Earthly user, I find using AWS tools (aws CLI, Terraform, etc.) to be cumbersome. I think Earthly should offer a straightforward and secure way to setup & make use of AWS credentials & help facilitate AWS authentication.

Requirements

  • Get the AWS CLI working in Earthly in the simplest way possible
  • Do NOT store secrets (in plain text or otherwise) in the layers
  • Do NOT rely on any LOCALLY hacks, since they don't work in CI
  • Non-interactive when running in CI
  • Interactive (e.g. MFA) can be ok locally - debatable?

Implementation

For V1, we can make use of any AWS environmental variables or local configuration. This should include using available OICD credentials configured using GHA steps like aws-actions/configure-aws-credentials.

  • ~/.aws directory
  • env vars AWS_SECRET_KEY_ID and friends (sample code interacting with and loading from users .aws)
  • Some token that OIDC generates (session token?)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:proposal A proposal for a new feature
Projects
core
Archived in project
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mikejholly