square/sharkey

Support AWS Instance Identity Documents

mcpherrinm opened this issue · 2 comments

Today, sharkey requires having an X.509 certificate for the host.

AWS has instance identity documents: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html

Perhaps we could support a client that submits an identity document instead of authenticating with a client certificate.

We'd still need a way to tie an instance document to the hostname(s) we should allow that instance to have, and we should be careful about the security implications here.
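A sketch of the check this issue asks for, as an added example that is not sharkey code and not from the issue's author: verify the signature over the raw document bytes, then issue a hostname only if a server-side table maps that instance to it. The `policy` table, `authorize` and `signConstructed` are hypothetical names, the document and IDs are constructed, a throwaway RSA key stands in for AWS's published certificate, and the detached RSA/SHA-256 signature form is assumed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// policy is a hypothetical server-side table (not sharkey's) mapping
// "accountId/instanceId" to the hostnames that instance may be issued.
type policy map[string][]string

// authorize verifies the RSA/SHA-256 signature over the raw document, then
// permits host only if the table maps this instance to it (deny by default).
func authorize(pub *rsa.PublicKey, p policy, raw, sig []byte, host string) error {
	sum := sha256.Sum256(raw) // hash the exact bytes received, before parsing
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return fmt.Errorf("bad signature")
	}
	var d struct{ InstanceID, AccountID string } // JSON keys instanceId, accountId
	if err := json.Unmarshal(raw, &d); err != nil {
		return err
	}
	for _, h := range p[d.AccountID+"/"+d.InstanceID] {
		if h == host {
			return nil
		}
	}
	return fmt.Errorf("%q not permitted for %s", host, d.InstanceID)
}

// signConstructed stands in for AWS in this demo, using a throwaway key.
func signConstructed(raw []byte) (*rsa.PublicKey, []byte) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	sum := sha256.Sum256(raw)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return &key.PublicKey, sig
}

func main() {
	raw := []byte(`{"accountId":"111122223333","instanceId":"i-0example","region":"us-east-1"}`) // constructed
	pub, sig := signConstructed(raw)
	p := policy{"111122223333/i-0example": {"web1.example.com"}}
	fmt.Println(authorize(pub, p, raw, sig, "web1.example.com")) // allowed
	fmt.Println(authorize(pub, p, raw, sig, "db1.example.com"))  // denied
}
```

The document carries no nonce, so a valid signature shows the document is genuine, not that the sender is the instance it names; that gap is one of the security implications a real design would have to close.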

👍 this sounds amazing.

We're going to outsource all of this sort of thing to SPIFFE.