Minor Description
AWS supports instance profiles so users don't need to manage credentials on individual instances.
Please update the AWS connector so that the access key and secret are optional, and if not given try to use those provided by an instance profile attached to the instance if one exists. Most AWS SDKs support this, so it should just be a matter of updating the AWS SDK and making those two parameters optional.
As a bonus, it'd be great for development if it also looked in environment variables for the token and secret as well. That way users of the AWS connector could choose not to pass the token & secret, but if they exported them into their environment they would be picked up. This would allow local development on a non-EC2 instance (i.e. an instance without an instance profile attached).
So, the order of resolution would be:
1. If key & token are provided to the AWS connector, use them (current behaviour).
2. If not, try to pull out AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from environment variables, and use those. If not present, expect the AWS SDK to look into an instance profile associated with the instance for credentials.
See https://github.com/aws/aws-cli for an example implementation with python/boto. The suggestion above mirrors the approach they take.
Attachments
Issue Links
- breaks
-
CAMEL-11489 Declaring AWS endpoint with accessKey and secretKey, and without amazonS3Client should be possible.
-
- Closed
-
- links to
