0 votes
27 views
by Rookie
Are there any plans to support backups using an IAM role instead of static credentials? It doesn't look like this is currently supported, but it would be very nice to have. We can't use static credentials in our environment.

Thanks,
by Expert
Can you give an example?

Honestly, I've never seen an app using IAM roles to access AWS resources; I'm not even sure if that's possible.
by Rookie

This is an example of a WordPress plugin that uses a role defined in the config file.

https://deliciousbrains.com/wp-offload-media/doc/iam-roles/

AWS roles use the default credentials on the system. Those credentials are rotated all the time and since they expire, they are more secure.

Here's an example of how Webinoly could retrieve the credentials:

When running the backup config, you would need the user to specify the IAM role attached to the EC2 instance. In this example, let's call it "webinoly-server-role".

IAM_ROLE=webinoly-server-role

This will get you the AccessKeyId:

wget -q -O - http://169.254.169.254/latest/meta-data/iam/security-credentials/webinoly-server-role | awk /AccessKeyId/ | awk -F "\"" '{print $4}'

This will get you the SecretAccessKey:

wget -q -O - http://169.254.169.254/latest/meta-data/iam/security-credentials/webinoly-server-role | awk /SecretAccessKey/ | awk -F "\"" '{print $4}'

You would have to update the credentials used in the script to use those. Or maybe a script could run before the backup and grab the new credentials and update the credential file where they are stored. 

Hope that helps explain it better at least.

1 Answer

0 votes
by Expert

OK, now I understand, and to be honest I don't think it makes sense for this project, at least for now.

  • First of all, Webinoly only makes it easier to use Duply and Duplicity to make backups, which means that we are limited to what they actually support.
  • You say you cannot use AWS credentials, but IAM roles are only a different way to retrieve AWS credentials. So you still need these credentials, and therefore I think this will not solve your problem.

Also, this is something that you can maybe achieve without the official support of Webinoly. 

Read: https://answers.launchpad.net/ubuntu/+source/duplicity/+question/271199

Try it and maybe you can tell us how to do it.

Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
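
As an added example (not part of either post, and not Webinoly, Duply or Duplicity code), the "script that runs before the backup" idea from the question could look like this. It reads the role's temporary credentials, including the session token that has to accompany the key pair, and exports them under the standard AWS SDK variable names. The IMDSv2 token request, the helper names and the sample document are assumptions, and whether a given Duplicity backend picks up these variables is not confirmed by the page.

```bash
#!/usr/bin/env bash
# Added example: load instance-role credentials into the environment before a backup.
IAM_ROLE="webinoly-server-role"            # role name used in the question
IMDS="http://169.254.169.254/latest"

# Fetch the role's temporary credentials as JSON, using an IMDSv2 session token.
# Needs curl and an EC2 instance with the role attached; not called in the demo.
fetch_role_creds() {
    local imds_token
    imds_token=$(curl -sf -X PUT "$IMDS/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
    curl -sf -H "X-aws-ec2-metadata-token: $imds_token" \
        "$IMDS/meta-data/iam/security-credentials/$1"
}

# Print the string value of one key from the credentials JSON on stdin.
cred_field() {
    awk -F '"' -v key="$1" '$2 == key { print $4; exit }'
}

# Export the credentials for child processes. An unsuccessful or incomplete
# document is rejected so a backup never starts with empty keys.
load_role_creds() {
    local doc code id secret token
    doc=$1
    code=$(printf '%s\n' "$doc" | cred_field Code)
    id=$(printf '%s\n' "$doc" | cred_field AccessKeyId)
    secret=$(printf '%s\n' "$doc" | cred_field SecretAccessKey)
    token=$(printf '%s\n' "$doc" | cred_field Token)
    [ "$code" = "Success" ] && [ -n "$id" ] && [ -n "$secret" ] && [ -n "$token" ] || return 1
    export AWS_ACCESS_KEY_ID="$id" AWS_SECRET_ACCESS_KEY="$secret" AWS_SESSION_TOKEN="$token"
}

# Constructed sample in the shape of the metadata response; all values are fake.
SAMPLE='{
  "Code" : "Success",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "ASIAEXAMPLEKEYID0000",
  "SecretAccessKey" : "constructed/secret+value",
  "Token" : "constructed-session-token",
  "Expiration" : "2030-01-01T00:00:00Z"
}'

# On an instance: load_role_creds "$(fetch_role_creds "$IAM_ROLE")" || exit 1
if load_role_creds "$SAMPLE"; then
    echo "loaded $AWS_ACCESS_KEY_ID, expires $(printf '%s\n' "$SAMPLE" | cred_field Expiration)"
fi
```

Because the credentials expire, the load step belongs immediately before each backup run rather than in a file written once.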
