annotate mod_aws_profile/README.markdown @ 5160:8474a3b80200

mod_firewall: Fix 'is_admin' internal dependency rule #1797 (thanks diane) Looks like the boolean logic was inverted here. Instead, for now, simply check if is_admin is there. It is deprecated in trunk and was briefly removed before being brought back with a 'deprecated' warning as part of the new roles and permissions work. Making this dependency conditioned on the existence of the underlying function should make it work until it actually goes away for real.
author Kim Alvefur <zash@zash.se>
date Fri, 27 Jan 2023 23:06:25 +0100
parents 1d719d4ef18f
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3698
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 # Introduction
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 This module adds support for reading AWS IAM access credentials from EC2 instance metadata,
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 to allow Prosody modules to gain role-based access to AWS services.
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 # Configuring
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 ``` {.lua}
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 modules_enabled = {
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 "aws_profile";
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 }
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 ```
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 There is no other configuration.
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 # Usage in other modules
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 Other modules can import the credentials as a shared table:
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 ``` {.lua}
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 local aws_credentials = module:shared("/*/aws_profile/credentials");
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 do_something(aws_credentials.access_key, aws_credentials.secret_key);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 ```
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 Note that credentials are time-limited, and will change periodically. The
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 shared table will automatically be updated. If you need to know when this
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 happens, you can also hook the `'aws_profile/credentials-refreshed'` event:
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 ``` {.lua}
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 module:hook_global("aws_profile/credentials-refreshed", function (new_credentials)
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 -- do something with new_credentials.access_key/secret_key
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 end);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 ```
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 # Compatibility
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 Meant for use with Prosody 0.11.x, may work in older versions.