Feature Request: AWS IAM Role Service Account
grifx opened this issue · 3 comments
Hi @cosmo0920,
First thank you for your contribution by open-sourcing this project.
I wanted to let you know that AWS introduced a new feature called: IAM Roles for Service Accounts
The problem we're facing is similar to: grafana/grafana#21594
AWS SDK has this concept of CredentialProviderChain. We should use the default chain and prepend (if needed) custom providers based on the configuration provided by the user potentially using the factories provided by the sdk. The Chain will try the providers sequentially and return the FIRST working credential. Basically, we shouldn't have to instantiate the TokenFileWebIdentityCredentials. The SDK should automatically do this for us when using the default CredentialProviderChain.
Alternatively, we can do what has been done on grafana by checking if some env vars are set (it's a bit easier, but will require us to test if it works).
Note: We might have to update the aws-sdk.
I'm not a go developer so I can't do much but I hope this helps.
Thank you,
I'm not familiar with the new AWS IAM RolesCredentials.
Patch is welcome.