Grabbing AWS credentials with bash
Let’s say you’re running on AWS and using IAM to assign your instances AWS keys dynamically. First off, if you’re not doing this, you should. Why?
- Rotating credentials from IAM is much more secure than sharing your AWS account keys across your infrastructure. If someone gets your keys and you’re not using IAM, you’re screwed. If you’re rotating your keys via IAM, you shouldn’t really ever have to know what they are in the first place.
- By assigning IAM roles to your instances, you can control the granularity of that role’s permissions. You want to only allow your web servers access to one subfolder of an S3 bucket? Easy, through IAM.
Okay, so we’re all on board: If we’re using AWS we should use IAM roles to provide rotating access keys to our instances.
But what happens when you need those keys? I ran across this problem...