2 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
1
Just create the client as you would anywhere, The SDK will figure out that it's "in" an ECS task and get the credentials from its metadata.
Depending on what you're doing, the metadata endpoint might be enough so you might not need this at all 😊 https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html
Good luck!
con risposta 2 anni fa
1
you don't need to pass any credential to your spring application (even it is dangerous). Your application run on ECS so, your application can use the task execution role, the task role grants additional AWS permissions required by your application once the container is started. So you can on task Role attach the ECS permission.
Example using Terraform as IAC
resource "aws_iam_policy" "example-policy" {
name = "example"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = [
"application-autoscaling:DescribeScalableTargets",
"ecs:ListServices",
"ecs:UpdateService",
"ecs:ListTasks",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:DescribeClusters",
"ecs:ListClusters",
]
Effect = "Allow"
Resource = "*"
}
]
})
}
con risposta 2 anni fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 3 mesi fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa