[mapserver-users] Refreshing AWS credentials for the /vsis3/ driver
Even Rouault
even.rouault at spatialys.com
Tue Oct 25 01:04:36 PDT 2016
Le mardi 25 octobre 2016 04:22:27, Peter Schmitt a écrit :
> What is the best way to update Mapserver with current AWS credentials for
> the /vsis3/ driver?
>
> I am using the /vsis3/ driver to render images in a private S3 bucket. I
> am currently setting the credentials as fastcgi parameters in my nginx
> conf. I would like to use temporary credentials provided by IAM roles,
> which change periodically. When the credentials change, I currently have
> to restart Nginx. Ideally I would define the environment variables
> (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN) in my
> Mapfile. Since Mapserver reads the mapfile for every request, I could just
> update the Mapfile when the credentials change. I think this would give me
> uninterrupted access to serving imagery using /vsis3/.
Pete,
You're the first user of MapServer I'm aware of reporting use of /vsis3/ (for
those wondering what it is, see
http://www.gdal.org/cpl__vsi_8h.html#a5b4754999acd06444bfda172ff2aaa16)
Congrats !
You could do just what you mention by using the "CONFIG key value" syntax in
the MAP object. See http://mapserver.org/mapfile/map.html
As mentionned in the doc, it is for MapServer config options, but also for any
GDAL config option.
You could put the elements that change in a separate mapfile to avoid rewriting
the whole mapfile, by using the INCLUDE directive (
http://mapserver.org/mapfile/include.html )
There's a tiny risk you would get a race between a incoming request and the
file being rewritten at the same time and thus incomplete. To eliminate that
risk, and get atomicity, you could write completely the new file with a
temporary filename, and rename it as the wished filename at the end.
Even
--
Spatialys - Geospatial professional services
http://www.spatialys.com
More information about the MapServer-users
mailing list