Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Signing REST requests using IAM access key

0

I have a two part problem. I have a bash script running within a Jenkins container that needs to send a simple post request using CURL to an HTTPS endpoint hosted within ECS container. The Jenkins container runs using assumed role jenkins. The ECS container runs using assumed role ecscontainer. This is what I would like to do:

(1) Sign the CURL request originating from Jenkins. In order to do this I need to be able to set the Authorization header with the signature. How can my bash script get the access key of the role jenkins? There is no AWS CLI command in aws iam or aws sts I can find that will return the access key id and/or secret access key.

(2) On the ECS container end I want to be able to use AWS-SDK to verify the signature used in (1) so that I only allow requests from role jenkins to be processed.

Any help will be greatly appreciated.

Edited by: sshekhar on May 15, 2020 3:30 PM

Themen
Management & Unternehmensführung
Tags
AWS Befehlszeilenschnittstelle
Sprache
English
sshekhar
gefragt vor 4 Jahren299 Aufrufe
2 Antworten
0

Okay I have figured this out, not sure if others need to know how to do this but here it is:

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<role_nm>

Each AWS EC2 instance resolves the above IP to a server that provides meta-data associated with that particular EC2 instance.

Edited by: sshekhar on May 24, 2020 9:23 AM

sshekhar
beantwortet vor 4 Jahren
0

Thanks for posting your solution.

smac2025
beantwortet vor 4 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt