Le mardi 25 octobre 2016 04:22:27, Peter Schmitt a écrit : > What is the best way to update Mapserver with current AWS credentials for > the /vsis3/ driver? > > I am using the /vsis3/ driver to render images in a private S3 bucket. I > am currently setting the credentials as fastcgi parameters in my nginx > conf. I would like to use temporary credentials provided by IAM roles, > which change periodically. When the credentials change, I currently have > to restart Nginx. Ideally I would define the environment variables > (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN) in my > Mapfile. Since Mapserver reads the mapfile for every request, I could just > update the Mapfile when the credentials change. I think this would give me > uninterrupted access to serving imagery using /vsis3/.
Pete, You're the first user of MapServer I'm aware of reporting use of /vsis3/ (for those wondering what it is, see http://www.gdal.org/cpl__vsi_8h.html#a5b4754999acd06444bfda172ff2aaa16) Congrats ! You could do just what you mention by using the "CONFIG key value" syntax in the MAP object. See http://mapserver.org/mapfile/map.html As mentionned in the doc, it is for MapServer config options, but also for any GDAL config option. You could put the elements that change in a separate mapfile to avoid rewriting the whole mapfile, by using the INCLUDE directive ( http://mapserver.org/mapfile/include.html ) There's a tiny risk you would get a race between a incoming request and the file being rewritten at the same time and thus incomplete. To eliminate that risk, and get atomicity, you could write completely the new file with a temporary filename, and rename it as the wished filename at the end. Even -- Spatialys - Geospatial professional services http://www.spatialys.com _______________________________________________ mapserver-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapserver-users
