[mapserver-users] Refreshing AWS credentials for the /vsis3/ driver
Mark Korver
mwkorver at gmail.com
Tue Oct 25 10:26:45 PDT 2016
The AWS SDKs take care of getting the keys made available to the EC2
instance via IAM Roles. But if you are running something custom you can get
the key info using a meta data call. See this doc page.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials
The keys are rotated so you need to do this using something like cron.
example:
curl
http://169.254.169.254/latest/meta-data/iam/security-credentials/your-IAM-Role-here
You could for example run this every 5 minutes and update environment vars
or check the
expiration time and update 15 minutes before etc. The expiration time is
included in the information that is returned in the
iam/security-credentials/role-name category.
-Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-users/attachments/20161025/f43039a6/attachment-0001.html>
More information about the mapserver-users
mailing list