Software / code / prosody-modules
Annotate
mod_aws_profile/README.markdown @ 4409:44f6537f6427
mod_invites_adhoc: Fail contact invite if user is not on current host
Only the username was being used, and the host of the requester ignored.
Luckily this only affects admins of the host. If they want to create an
account they can use the other command. If they want to create a contact
they should request from their account on this host.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 28 Jan 2021 07:04:11 +0000 |
| parent | 3698:1d719d4ef18f |
| rev | line source |
|---|---|
|
3698
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 # Introduction |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 This module adds support for reading AWS IAM access credentials from EC2 instance metadata, |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 to allow Prosody modules to gain role-based access to AWS services. |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 # Configuring |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 ``` {.lua} |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 modules_enabled = { |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 "aws_profile"; |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 } |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 ``` |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 There is no other configuration. |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 # Usage in other modules |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 Other modules can import the credentials as a shared table: |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 ``` {.lua} |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 local aws_credentials = module:shared("/*/aws_profile/credentials"); |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 do_something(aws_credentials.access_key, aws_credentials.secret_key); |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 ``` |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 Note that credentials are time-limited, and will change periodically. The |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 shared table will automatically be updated. If you need to know when this |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 happens, you can also hook the `'aws_profile/credentials-refreshed'` event: |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 ``` {.lua} |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 module:hook_global("aws_profile/credentials-refreshed", function (new_credentials) |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 -- do something with new_credentials.access_key/secret_key |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 end); |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 ``` |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 # Compatibility |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 Meant for use with Prosody 0.11.x, may work in older versions. |
