2 Answers
1
Just create the client as you would anywhere. The SDK will figure out that it's "in" an ECS task and get the credentials from its metadata.
Depending on what you're doing, the metadata endpoint might be enough so you might not need this at all 😊 https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html
Good luck!
answered 2 years ago
1
You don't need to pass any credentials to your Spring application (it is even dangerous). Your application runs on ECS, so your application can use the task execution role; the task role grants additional AWS permissions required by your application once the container is started. So you can attach the ECS permission to the task role.
Example using Terraform as IaC:

resource "aws_iam_policy" "example-policy" {
  name = "example"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "application-autoscaling:DescribeScalableTargets",
          "ecs:ListServices",
          "ecs:UpdateService",
          "ecs:ListTasks",
          "ecs:DescribeServices",
          "ecs:DescribeTasks",
          "ecs:DescribeClusters",
          "ecs:ListClusters",
        ]
        Effect   = "Allow"
        Resource = "*"
      }
    ]
  })
}
answered 2 years ago
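The wiring both answers rely on, as an added Terraform example that is not part of either answer: it attaches the `example-policy` resource from the answer above to a task role and sets that role on the task definition, so no access keys are passed to the container. The role names, task family and image placeholder are hypothetical, and Fargate is assumed.

```hcl
# Added example; role, family and image names are hypothetical.

# Trust policy: only ECS tasks may assume these roles.
data "aws_iam_policy_document" "ecs_tasks_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

# Task role: what the application code (the AWS SDK in the container) may do.
resource "aws_iam_role" "app_task" {
  name               = "example-app-task-role"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

# Attach the policy defined in the answer above to the task role.
resource "aws_iam_role_policy_attachment" "app_task_ecs" {
  role       = aws_iam_role.app_task.name
  policy_arn = aws_iam_policy.example-policy.arn
}

# Execution role: used by the ECS agent to pull the image and ship logs.
resource "aws_iam_role" "app_execution" {
  name               = "example-app-execution-role"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

resource "aws_iam_role_policy_attachment" "app_execution_managed" {
  role       = aws_iam_role.app_execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

resource "aws_ecs_task_definition" "app" {
  family                   = "example-app"
  requires_compatibilities = ["FARGATE"] # assumption: Fargate launch type
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  task_role_arn            = aws_iam_role.app_task.arn
  execution_role_arn       = aws_iam_role.app_execution.arn

  container_definitions = jsonencode([{
    name      = "app"
    image     = "REPLACE_WITH_IMAGE_URI" # placeholder, not from the page
    essential = true
  }])
}
```

With this in place the SDK's default credential chain inside the container receives short-lived credentials for `app_task`, and the container definition carries no access key environment variables.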