EC2-Manager should allow credential generation based on Instance Identity Documents

Status: ASSIGNED
5 months ago
2 months ago

People

(Reporter: jhford, Assigned: wcosta)

Tracking

(Blocks: 1 bug)

Attachments

(2 attachments)

Once we have bug 1485984 resolved, we should add an endpoint to EC2-Manager which allows EC2 instances to get a set of credentials specific to their instance id.
Hi Wander.  The node.js library is complete for doing the validations.  Do you have time to finish up PR#54 or should I pick it up?  Thanks.
Flags: needinfo?(wcosta)
(Assignee)

Comment 3

5 months ago
(In reply to John Ford [:jhford] CET/CEST Berlin Time from comment #2)
> Hi Wander.  The node.js library is complete for doing the validations.  Do
> you have time to finish up PR#54 or should I pick it up?  Thanks.

I am currently porting docker-worker to GCP, not sure when I will finish, but I believe not after end of next week.
Flags: needinfo?(wcosta)
Created attachment 9009999 [details]
rsa2048-keys.zip

These are the public keys for us-[east]-[1,2] and eu-central-1
(Assignee)

Updated

2 months ago
Assignee: nobody → wcosta
Status: NEW → ASSIGNED
(Assignee)

Comment 5

2 months ago
I am not able to verify new documents, it feels like something changed on Amazon side or I am doing something wrong. Could you please double check by downloading a new pair of document/rsa2048 and verify it?
Flags: needinfo?(jhford)
(In reply to Wander Lairson Costa [:wcosta] from comment #5)
> I am not able to verify new documents, it feels like something changed on
> Amazon side or I am doing something wrong. Could you please double check by
> downloading a new pair of document/rsa2048 and verify it?

I would have to boot a new instance, specially for this.  Could you log into a Docker-Worker instance and download them?
Flags: needinfo?(jhford)
(Assignee)

Comment 7

2 months ago
(In reply to John Ford [:jhford] CET/CEST Berlin Time from comment #6)
> (In reply to Wander Lairson Costa [:wcosta] from comment #5)
> > I am not able to verify new documents, it feels like something changed on
> > Amazon side or I am doing something wrong. Could you please double check by
> > downloading a new pair of document/rsa2048 and verify it?
> 
> I would have to boot a new instance, specially for this.  Could you log into
> a Docker-Worker instance and download them?

You can get the docs and keys here https://github.com/walac/ec2-manager/tree/secrets-endpoint/test/testdata
Those are the ones I am using.