Authored by Jeremy Huntwork
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/334160

Main motivations are:

- This tool is developed by AWS and is their standard for interacting with their API from the command line
- Better credential handling, including support for IMDSv2. This means that a container running on an EC2 instance can automatically use IAM roles and permissions associated with the instance. And when running in Kubernetes (like in EKS) a native OIDC implementation will allow a pod to receive a specific role when using a service account annotated with the right role. This 'just works' without having to maintain a specific set of credentials. See: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/

Lastly, credentials could just be passed in via environment variables, which also 'just works' with the CLI.
Commit 32eaed62