AWS to GCP Workload Identity Federation in Amazon ECS

aws-ecs-gcp-workload-identity-federation

This is a package for working with Workload Identity Federation on Amazon ECS (EC2 or Fargate).

When you import this package, it sets the ECS task role credentials as environment variables, so your code can use them without any extra handling.
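What that import step amounts to, as an added sketch rather than this package's own code. It assumes the standard ECS task credential endpoint and the usual AWS_* variable names; the function names and the sample response are constructed for illustration.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

# Assumption: standard ECS task credential endpoint (link-local address).
ECS_CREDENTIALS_HOST = "http://169.254.170.2"
REQUIRED_KEYS = ("AccessKeyId", "SecretAccessKey", "Token", "Expiration")

def fetch_task_credentials(environ=os.environ, timeout=2.0):
    """Fetch task role credentials; only reachable from inside an ECS task."""
    relative_uri = environ.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
    if not relative_uri:
        raise RuntimeError("no task role credentials URI: not an ECS task?")
    url = ECS_CREDENTIALS_HOST + relative_uri
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

def export_task_credentials(creds, environ=os.environ):
    """Copy credentials into the AWS_* variables and return their expiry.

    The credentials are temporary, so a long-running task has to call this
    again before the returned time; values are never logged.
    """
    missing = [k for k in REQUIRED_KEYS if not creds.get(k)]
    if missing:
        raise ValueError("credential response lacks: " + ", ".join(missing))
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    if expires <= datetime.now(timezone.utc):
        raise ValueError("task role credentials have already expired")
    environ["AWS_ACCESS_KEY_ID"] = creds["AccessKeyId"]
    environ["AWS_SECRET_ACCESS_KEY"] = creds["SecretAccessKey"]
    environ["AWS_SESSION_TOKEN"] = creds["Token"]
    return expires

# Constructed sample response (placeholder values, not real credentials).
SAMPLE_RESPONSE = {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-key",
    "Token": "constructed-session-token",
    "Expiration": "2099-01-01T00:00:00Z",
}

if __name__ == "__main__":
    scratch = {}  # stand-in for os.environ so the demo leaves no secrets behind
    print("expires:", export_task_credentials(SAMPLE_RESPONSE, scratch))
    print("exported:", sorted(scratch))
```

Because the exported values are inherited by child processes, keep them out of logs and crash dumps.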

Quick start

Following the documentation, set up Workload Identity Federation and enable access to GCP resources from AWS.

Download the credential configuration file (e.g. config-aws-provider.json) and point GOOGLE_APPLICATION_CREDENTIALS to its path.

$ export GOOGLE_APPLICATION_CREDENTIALS=/path/to/config-aws-provider.json

On Amazon ECS, you can pass environment variables to a container through the task definition (documentation).

Example

For example, executing a BigQuery query from AWS looks like this.

# Imported for its side effect: sets the ECS task role credentials as environment variables.
import aws_ecs_gcp_workload_identity
from google.cloud import bigquery

project_id = 'my-workload-identity'
bqclient = bigquery.Client(project=project_id)

sql = """
SELECT name, age
FROM `my-data-project.my_dataset.my_table`
"""

query_job = bqclient.query(sql)
results = query_job.result()
for row in results:
    print("{}, {}".format(row.name, row.age))

Contribution

  1. Fork (https://github.com/ohsawa0515/aws-ecs-gcp-workload-identity-federation/fork)
  2. Create a feature branch
  3. Commit your changes
  4. Rebase your local changes against the master branch
  5. Create new Pull Request

License

See LICENSE.