Mercurial > prosody-modules
annotate mod_aws_profile/README.markdown @ 4432:e83284d4d5c2
mod_auth_ccert/README: Add setting to ensure Prosdy asks for client certificate
This used to be the default for all services, but since it triggers
annoying popups in web browsers it was inverted in Prosody and only s2s
enables it, so it needs to be explicitly enabled for c2s again.
See trunk 115b5e32d960
Thanks debacle
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 06 Feb 2021 21:34:25 +0100 |
| parents | 1d719d4ef18f |
| children |
| rev | line source |
|---|---|
|
3698
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 # Introduction |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 This module adds support for reading AWS IAM access credentials from EC2 instance metadata, |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 to allow Prosody modules to gain role-based access to AWS services. |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 # Configuring |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 ``` {.lua} |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 modules_enabled = { |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 "aws_profile"; |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 } |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 ``` |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 There is no other configuration. |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 # Usage in other modules |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 Other modules can import the credentials as a shared table: |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 ``` {.lua} |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 local aws_credentials = module:shared("/*/aws_profile/credentials"); |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 do_something(aws_credentials.access_key, aws_credentials.secret_key); |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 ``` |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 Note that credentials are time-limited, and will change periodically. The |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 shared table will automatically be updated. If you need to know when this |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 happens, you can also hook the `'aws_profile/credentials-refreshed'` event: |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 ``` {.lua} |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 module:hook_global("aws_profile/credentials-refreshed", function (new_credentials) |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 -- do something with new_credentials.access_key/secret_key |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 end); |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 ``` |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 # Compatibility |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
|
1d719d4ef18f
mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 Meant for use with Prosody 0.11.x, may work in older versions. |