Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/stefansundin/vagrant-ec2-metadata

Easily provide vagrant machines with AWS credentials by faking an EC2 metadata server.
https://github.com/stefansundin/vagrant-ec2-metadata

aws credentials ec2 vagrant

Last synced: 2 days ago
JSON representation

Easily provide vagrant machines with AWS credentials by faking an EC2 metadata server.

Host: GitHub
URL: https://github.com/stefansundin/vagrant-ec2-metadata
Owner: stefansundin
License: mit
Archived: true
Created: 2017-10-30T05:57:02.000Z (almost 7 years ago)
Default Branch: main
Last Pushed: 2023-03-31T23:24:07.000Z (over 1 year ago)
Last Synced: 2024-09-20T16:10:12.723Z (7 days ago)
Topics: aws, credentials, ec2, vagrant
Language: Ruby
Homepage: https://rubygems.org/gems/vagrant-ec2-metadata
Size: 27.3 KB
Stars: 1
Watchers: 0
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# vagrant-ec2-metadata

The best way to pass AWS credentials to your Vagrant machines.

## Install

The plugin only supports Linux guests that have iptables installed.

```shell
vagrant plugin install vagrant-ec2-metadata
```

Then add this to your Vagrantfile:

```ruby
Vagrant.configure("2") do |config|
[...]

# Put these lines above other provisioners that need to use the credentials
config.ec2_metadata.profile = "default"
config.ec2_metadata.role_arn = "arn:aws:iam::123456789012:role/ReadOnlyRole"
config.vm.provision "ec2-metadata", run: "always"

[...]
end
```

See [the examples](examples) for more information.

## What

By using this plugin, you can pass through credentials to your VMs without
having to copy or hardcode credentials to the VM.

It works by faking an [EC2 metadata server](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html),
which is the same way an EC2 server with an assigned role retrieves its credentials.

**You must run the webserver that serves these requests when you want the VMs to
be able to access their credentials. Start it by running:**

```shell
vagrant ec2-metadata
```

## Why?

This plugin provides the following benefits:
- the VM never gets access to a permanent key, the credentials expire after one hour.
- you can use a role, allowing you to easily give the VM the same permissions that your production servers are running, without any changes to the application code.

Other ways of configuring AWS credentials for your VMs are:

- Hardcoding AWS credentials
- **Why it's bad:**
- you run a high risk of accidentally committing the key to a public source code repository.
- everyone on your team are using the same key, making auditing harder.
- it's hard to rotate the key.

- Using a synced folder like the following:
```ruby
config.vm.synced_folder "#{ENV["HOME"]}/.aws", "/home/ubuntu/.aws/"
```
- While much better than hardcoding credentials, this is still not great.
- **Why it's bad:**
- you have to link the folder to every user inside of the VM.
- the VM gets access to all of your credentials, when it probably only needs a subset.
- the VM can modify your `.aws` files.