2 Respostas
- Mais recentes
- Mais votos
- Mais comentários
1
Just create the client as you would anywhere, The SDK will figure out that it's "in" an ECS task and get the credentials from its metadata.
Depending on what you're doing, the metadata endpoint might be enough so you might not need this at all 😊 https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html
Good luck!
respondido há 2 anos
1
you don't need to pass any credential to your spring application (even it is dangerous). Your application run on ECS so, your application can use the task execution role, the task role grants additional AWS permissions required by your application once the container is started. So you can on task Role attach the ECS permission.
Example using Terraform as IAC
resource "aws_iam_policy" "example-policy" {
name = "example"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = [
"application-autoscaling:DescribeScalableTargets",
"ecs:ListServices",
"ecs:UpdateService",
"ecs:ListTasks",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:DescribeClusters",
"ecs:ListClusters",
]
Effect = "Allow"
Resource = "*"
}
]
})
}
respondido há 2 anos
Conteúdo relevante
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 3 meses