Netflix/Priam

IAM Credentials Wiki Instructions No Longer Accurate

Closed this issue · 2 comments

The documentation at https://github.com/Netflix/priam/wiki/Setup is no longer up to date as of ba82d30, as far as I can tell.

I suck at Java - could someone kindly explain the new method used to employ the EC2 metadata, rather than the credentials file?

Hi @PacketFiend, the default for Credentials in Priam has not changed. The default implementation for ICredential is ClearCredential.java, i.e. by reading the file in "/etc/awscredential.properties". Granted, this is not the best way, as your AWS credentials are exposed.

The alternate (and recommended) way is to use IAMCredential when you run Priam on AWS. Since Priam only runs on AWS, this is a clear winner. This automatically picks up the credentials loaded on your EC2 instance and forwards them to all the other services. For this, you will need to alter the Priam code by adding a new line in PriamGuiceModule, as explained in the setup wiki:
bind(ICredential.class).to(IAMCredential.class);
This will change the default binding of ICredential from ClearCredential to IAMCredential.

Note that with that code change I just removed some redundant binding and so you don't replace the line but add a line.

Let me know if you need more help on this.

Awesome, thanks, that was it.
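
An added example, not part of the original thread and not Priam's own code: a minimal Guice program showing why adding the `bind(...)` line is enough to switch implementations, plus a startup check that refuses the file-based credential. The interface and classes are simplified stand-ins that reuse the names from the thread, the `source()` method and `requireNonFileCredential` helper are hypothetical, and the use of `@ImplementedBy` to supply the default is an assumption about how the default arises.

```java
import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.ImplementedBy;
import com.google.inject.Injector;

public class CredentialBindingDemo {

    // Stand-in for Priam's ICredential; source() is a hypothetical method.
    // Assumption: the default implementation is declared with @ImplementedBy.
    @ImplementedBy(ClearCredential.class)
    public interface ICredential { String source(); }

    // Stand-in for the file-based default: long-lived keys in a properties file.
    public static class ClearCredential implements ICredential {
        @Override public String source() { return "/etc/awscredential.properties"; }
    }

    // Stand-in for the instance-role implementation: no secret stored on disk.
    public static class IAMCredential implements ICredential {
        @Override public String source() { return "EC2 instance profile"; }
    }

    // No explicit binding: Guice falls back to the @ImplementedBy default.
    static class DefaultModule extends AbstractModule {
        @Override protected void configure() { }
    }

    // The one added line from the thread: an explicit bind() takes
    // precedence over @ImplementedBy, so nothing has to be replaced.
    static class IamModule extends AbstractModule {
        @Override protected void configure() {
            bind(ICredential.class).to(IAMCredential.class);
        }
    }

    // Startup guard: fail fast if the injector still resolves the file-based class.
    static ICredential requireNonFileCredential(Injector injector) {
        ICredential cred = injector.getInstance(ICredential.class);
        if (cred instanceof ClearCredential) {
            throw new IllegalStateException("ICredential resolves to ClearCredential");
        }
        return cred;
    }

    public static void main(String[] args) {
        Injector byDefault = Guice.createInjector(new DefaultModule());
        System.out.println("default: " + byDefault.getInstance(ICredential.class).source());
        Injector withBind = Guice.createInjector(new IamModule());
        System.out.println("with bind: " + requireNonFileCredential(withBind).source());
    }
}
```

Running it requires Guice on the classpath.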