On Fri, Jul 11, 2014 at 4:44 AM, Tudor Rogoz <[email protected]> wrote:
> Hi all, > > Is it possible to access the juju environment properties directly from > the hooks? > More precisely, I want to have access to the AWS credentials (defined in > the environments.yaml file) directly from the hooks, is this possible? I > can workaround the situation, by defining specific config properties and > duplicate the information there and this way I can get the data by calling > ‘config-get’ function.But I’m just thinking if maybe it would be a cleaner > way to achieve this.Ideas? > > Juju doesn't allow for extraction of provider credentials from the state server as a security measure. Its typically much better to define these as charm config properties, because you can use a separate iam account that's permission scoped to the usage you want rather than proliferating a more privileged account. Even better is using iam roles ( http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) with manual provisioning and workload placement (deploy --to) against the ec2 provider and avoiding the credential management entirely. cheers, Kapil
-- Juju mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
