petems/petems-hiera_vault

Supporting AWS IAM/EC2 authentication

Closed this issue · 1 comments

Is there a plan to support AWS IAM/EC2 authentication with Vault, as an alternative to a Vault token? It would be nice to have this functionality which would make it unnecessary to manually set up a Vault token for use by the puppet server.
It looks like the Vault Ruby client https://github.com/hashicorp/vault-ruby supports AWS EC2 authentication.
Has this been considered before?

I'd probably not include this unless someone wanted to do the heavy lifting of implementing the main logic themselves, and stick to regular token based authentication.

However, you could cover this use case by using the vault-agent with AWS IAM auth, then pointing to the vault-agent in hiera_vault, or using its token file sink as a token path.
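
The token-file-sink approach from the reply above, sketched as a Vault Agent configuration. This is an added example, not part of the original thread or the project's own code. The Vault address, role name and file paths are placeholders, and the commented `hiera.yaml` fragment assumes hiera_vault's `token` option accepts a path to a file holding the token, as the reply implies.

```hcl
# vault-agent.hcl (added example; all values below are placeholders)

pid_file = "/run/vault-agent/agent.pid"

vault {
  # Placeholder address of the Vault server
  address = "https://vault.example.internal:8200"
}

auto_auth {
  # Authenticate with the instance's IAM identity instead of a
  # manually provisioned token.
  method "aws" {
    mount_path = "auth/aws"
    config = {
      type = "iam"
      # Hypothetical role; it must exist under auth/aws on the Vault
      # server and be bound to the puppet server's IAM principal.
      role = "puppetserver"
    }
  }

  # The agent writes the current token here and rewrites it whenever
  # it re-authenticates.
  sink "file" {
    config = {
      path = "/etc/puppetlabs/puppet/vault-agent-token"
      # Owner and group read only. Run the agent under an account whose
      # group includes the puppet server user, and keep the file
      # unreadable by everyone else.
      mode = 0640
    }
  }
}

# Matching hiera.yaml fragment (assumption: `token` may be a file path):
#
#   - name: "Hiera-vault lookup"
#     lookup_key: hiera_vault
#     options:
#       address: https://vault.example.internal:8200
#       token: /etc/puppetlabs/puppet/vault-agent-token
```

The Vault policy attached to the placeholder role should grant read access only to the secret paths hiera_vault looks up, since anything that can read the sink file holds that token's privileges.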