prosody-modules
2393dbae51ed
mod_aws_profile/README.markdown

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_aws_profile/README.markdown @ 5416:2393dbae51ed

mod_http_oauth2: Add option for specifying TTL of registered clients Meant to simplify configuration, since TTL vs ignoring expiration is expected to be the main thing one would want to configure. Unsure what the implications of having unlimited lifetime of clients are, given no way to revoke them currently, short of rotating the signing secret. On one hand, it would be annoying to have the client expire. On the other hand, it is trivial to re-register it.
author Kim Alvefur <zash@zash.se>
date Thu, 04 May 2023 18:41:33 +0200
parent 3698:1d719d4ef18f
line wrap: on
line source

# Introduction

This module adds support for reading AWS IAM access credentials from EC2 instance metadata,
to allow Prosody modules to gain role-based access to AWS services.

# Configuring

``` {.lua}
modules_enabled = {
    "aws_profile";
}
```

There is no other configuration.

# Usage in other modules

Other modules can import the credentials as a shared table:

``` {.lua}
local aws_credentials = module:shared("/*/aws_profile/credentials");
do_something(aws_credentials.access_key, aws_credentials.secret_key);
```

Note that credentials are time-limited, and will change periodically. The
shared table will automatically be updated. If you need to know when this
happens, you can also hook the `'aws_profile/credentials-refreshed'` event:

``` {.lua}
module:hook_global("aws_profile/credentials-refreshed", function (new_credentials)
  -- do something with new_credentials.access_key/secret_key
end);
```

# Compatibility

Meant for use with Prosody 0.11.x, may work in older versions.