Update readme for v1.0.0
ehlomarcus committed Nov 8, 2023
1 parent cddf575 commit e754166
Showing 1 changed file with 15 additions and 6 deletions.
21 changes: 15 additions & 6 deletions README.md
@@ -1,14 +1,16 @@
# aws-signing-helper

Inspired by [josh23french/iam-roles-anywhere-sidecar](https://github.com/josh23french/iam-roles-anywhere-sidecar)
Inspired by [josh23french/iam-roles-anywhere-sidecar](https://github.com/josh23french/iam-roles-anywhere-sidecar).

Uses [aws/rolesanywhere-credential-helper](https://github.com/aws/rolesanywhere-credential-helper) cli instead of building a separate http server.

Makes use of the [serve](https://github.com/aws/rolesanywhere-credential-helper#serve) command to run a metadata service endpoint on localhost.

## sidecar

Add it to your own deployment as a sidecar.
Add a sidecar container to your own deployment.

Example:
Here is an example, showing all of the `env` that are configurable:

```yaml
spec:
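Review bot: The new sentence about the `serve` command says the helper runs a metadata service endpoint on localhost, but the README never says who can reach that endpoint. Containers in a pod share one network namespace, so every container in the pod, not only the application, can request the role's credentials from it; the sidecar section should state this so the sidecar is added only to pods whose containers are all meant to hold the role. Minor wording: "all of the `env` that are configurable" reads better as "all configurable environment variables".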
Expand All @@ -24,9 +26,14 @@ spec:
value: arn:aws:rolesanywhere:eu-west-1:123456789012:profile/e7acdea9-3c21-42ab-affc-c448b69eee1b
- name: TRUST_ANCHOR_ARN
value: arn:aws:rolesanywhere:eu-west-1:123456789012:trust-anchor/ee461377-7abd-428f-bc04-ff99b7538920
# DEBUG and PORT are optional.
# Use DEBUG to turn on more logging.
# Use PORT to change which port endpoint should be served on.
- name: DEBUG
value: "false"
image: ghcr.io/ehlomarcus/aws-signin-helper:v1.0.0
- name: PORT
value: "8081"
image: ghcr.io/ehlomarcus/aws-signing-helper:main
imagePullPolicy: IfNotPresent
name: iam-helper
resources:
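Review bot: The example image line reading `ghcr.io/ehlomarcus/aws-signing-helper:main`, next to `imagePullPolicy: IfNotPresent`, is at odds with a readme update for v1.0.0. `main` is a moving tag, and with `IfNotPresent` a node keeps whichever build of `main` it pulled first, so pods can end up running different builds of a container that handles credentials. Suggest the example reference the release tag (`:v1.0.0`) or an image digest instead. The new comment also marks DEBUG and PORT as optional without saying what is used when they are omitted; state the defaults there.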
Expand All @@ -35,12 +42,14 @@ spec:
memory: 128Mi
```
Next you need to add this ENV to your application container. Using this ENV will allow your application (aws-sdk) to discover credentials.
Next you need to add this environmental variable to your application container.
Using `AWS_EC2_METADATA_SERVICE_ENDPOINT` environment variable allow your application ([aws-sdk](https://docs.aws.amazon.com/sdkref/latest/guide/feature-imds-credentials.html)) to discover credentials.

```yaml
spec:
containers:
- env:
- name: AWS_EC2_METADATA_SERVICE_ENDPOINT
value: http://localhost:8081/
```
```
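Review bot: The endpoint value `http://localhost:8081/` depends on the sidecar's `PORT` setting shown in the sidecar example, and the added text does not say so; a reader who changes `PORT` will leave the SDK pointing at the wrong port. Add a sentence that the port in `AWS_EC2_METADATA_SERVICE_ENDPOINT` must equal the sidecar's `PORT`. Wording in the added lines: "environmental variable" should be "environment variable", and "Using `AWS_EC2_METADATA_SERVICE_ENDPOINT` environment variable allow" should read "Using the `AWS_EC2_METADATA_SERVICE_ENDPOINT` environment variable allows".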
