Support AWS Access Keys in retry_join
Closed this issue · 1 comments
Background:
The Consul auto-join feature supports access-keys to discover nodes it should join. Ideally you should be using a role that has the describe-instance permission attached to it. This works great if your cluster is entirely within a single account.
However, there is currently no way to use the auto-join feature across AWS accounts with IAM roles. The solution for now is to use AWS access keys to be able to describe instances in a different account.
Problem:
The run-consul script does not support access keys.
Solution:
Add the ability to set both access_key_id and secret_access_key to the retry_join block as mentioned here: https://www.consul.io/docs/agent/cloud-auto-join.html#amazon-ec2
Since this isn't a super common use case, is it something you could add to your own config by overriding the configuration?
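
One way the override suggested in the comment above could be done, as an added example that is not part of the original thread or of the run-consul script. The function name, environment variable names, output file name and sample tag values are assumptions; the retry_join string uses the access_key_id and secret_access_key keys named in the issue together with provider, region, tag_key and tag_value from Consul's cloud auto-join syntax.

```shell
#!/bin/sh
# Added example: write a Consul config override carrying cross-account AWS keys.
# Function, variable and file names here are hypothetical.

# write_retry_join_override <config_dir> <tag_key> <tag_value> <region>
# Credentials come from the environment so they never show up in argv or `ps`.
write_retry_join_override() {
  local config_dir="$1" tag_key="$2" tag_value="$3" region="$4"
  local key_id="${CONSUL_JOIN_ACCESS_KEY_ID:-}"
  local secret="${CONSUL_JOIN_SECRET_ACCESS_KEY:-}"
  local out="$config_dir/retry-join-override.json"
  local v

  # Both halves of the key pair are required; fail closed if either is missing.
  if [ -z "$key_id" ] || [ -z "$secret" ]; then
    echo "access key id and secret access key must both be set" >&2
    return 1
  fi

  # The auto-join string is space-separated key=value pairs inside a JSON
  # string, so reject empty values and anything that would break either layer.
  for v in "$tag_key" "$tag_value" "$region" "$key_id" "$secret"; do
    case "$v" in
      ""|*[[:space:]]*|*\"*|*\\*)
        echo "empty value or unsupported character in value" >&2
        return 1 ;;
    esac
  done

  # The file holds a long-lived secret: create it readable by the owner only.
  ( umask 077
    printf '{\n  "retry_join": ["provider=aws region=%s tag_key=%s tag_value=%s access_key_id=%s secret_access_key=%s"]\n}\n' \
      "$region" "$tag_key" "$tag_value" "$key_id" "$secret" > "$out" ) || return 1
  chmod 600 "$out"
}
```

Consul merges every file in its configuration directory, so a file written this way adds the cross-account entry alongside the generated configuration. The key pair it stores should belong to an identity that can do nothing beyond describing instances in the other account.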