Mercurial > prosody-modules
annotate mod_aws_profile/README.markdown @ 4260:c539334dd01a
mod_http_oauth2: Rescope oauth client config into users' storage
This produces client_id of the form owner@host/random and prevents
clients from being deleted by registering an account with the same name
and then deleting the account, as well as having the client
automatically be deleted when the owner account is removed.
On one hand, this leaks the bare JID of the creator to users. On the
other hand, it makes it obvious who made the oauth application.
This module is experimental and only for developers, so this can be
changed if a better method comes up.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 21 Nov 2020 23:55:10 +0100 |
parents | 1d719d4ef18f |
children |
rev | line source |
---|---|
3698
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 # Introduction |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 This module adds support for reading AWS IAM access credentials from EC2 instance metadata, |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 to allow Prosody modules to gain role-based access to AWS services. |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 # Configuring |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 ``` {.lua} |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 modules_enabled = { |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 "aws_profile"; |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 } |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 ``` |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 There is no other configuration. |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 # Usage in other modules |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 Other modules can import the credentials as a shared table: |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 ``` {.lua} |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 local aws_credentials = module:shared("/*/aws_profile/credentials"); |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 do_something(aws_credentials.access_key, aws_credentials.secret_key); |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 ``` |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 Note that credentials are time-limited, and will change periodically. The |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 shared table will automatically be updated. If you need to know when this |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 happens, you can also hook the `'aws_profile/credentials-refreshed'` event: |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 ``` {.lua} |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 module:hook_global("aws_profile/credentials-refreshed", function (new_credentials) |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 -- do something with new_credentials.access_key/secret_key |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 end); |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 ``` |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 # Compatibility |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 Meant for use with Prosody 0.11.x, may work in older versions. |