I've successfully managed to deploy a Wildfly cluster in AWS, using the jGroups S3_Ping functionality rather than the normal broadcast method. However, all of the documentation I've seen requires me to provide the AWS access key and secret within the configuration in order to write to the configured S3 buckets. I don't like the idea of putting those values into a configuration file from a security perspective. I'd much prefer to use IAM Instance Roles and grant that role access to my S3 bucket instead. Does anyone know of a way to configure Wildfly to use the IAM instance role instead of hardcoded access key/secret values? If not, is there a better way of handling those values rather than hard-coding them in the configuration file? Thanks!!
1 Answer
0
It appears jGroups S3_Ping is not using the AWS SDK, but rather implemented (parts of) the S3 API themselves. Please note, this is an assumption based on seeing its method interface strictly requiring both AWS_ACCESS_KEY as well as the secret as a string, not on reading the actual code. If that's the case, you are out of options, unfortunately. Your approach of not hard-coding static credentials but rather relying on dynamic access via instance profiles should be preferred.
Also, there exists a repository on GitHub named 'native S3 ping' which states it's based on the official AWS SDK, leveraging its mechanisms of credentials detection and support for environment variables and profiles.

Marvin Frick
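As an added example (not part of the answer above and not code from the JGroups or WildFly projects), this check scans a WildFly configuration for S3_PING credentials stored as literal values, which is the situation the question wants to avoid. The sample XML, stack names and environment variable names are constructed; `access_key` and `secret_access_key` are the S3_PING property names.

```python
import re
import xml.etree.ElementTree as ET

# Property names the JGroups S3_PING protocol uses for static AWS credentials.
CREDENTIAL_PROPS = {"access_key", "secret_access_key"}
# WildFly expression such as ${env.NAME}: resolved at boot, value not stored in the file.
EXPRESSION = re.compile(r"^\$\{[^}:]+\}$")

def local(tag):
    """Drop the XML namespace so the check works across jgroups subsystem versions."""
    return tag.rsplit("}", 1)[-1]

def find_static_s3_ping_credentials(xml_text):
    """Return [(stack_name, property_name)] for each credential stored as a literal."""
    findings = []
    for stack in ET.fromstring(xml_text).iter():
        if local(stack.tag) != "stack":
            continue
        for proto in stack:
            if local(proto.tag) != "protocol" or proto.get("type") != "S3_PING":
                continue
            for prop in proto:
                value = (prop.text or "").strip()
                # An expression with a ':default' part is also flagged, since the
                # default itself would be a literal kept in the file.
                if (local(prop.tag) == "property" and prop.get("name") in CREDENTIAL_PROPS
                        and value and not EXPRESSION.match(value)):
                    findings.append((stack.get("name"), prop.get("name")))
    return findings

# Constructed sample configuration (values are placeholders, not real credentials).
SAMPLE = """
<subsystem xmlns="urn:jboss:domain:jgroups:4.0"><stacks>
  <stack name="tcp-literal">
    <protocol type="S3_PING">
      <property name="access_key">CONSTRUCTED-ACCESS-KEY</property>
      <property name="secret_access_key">constructed-not-a-real-secret</property>
      <property name="location">example-bucket</property>
    </protocol>
  </stack>
  <stack name="tcp-env">
    <protocol type="S3_PING">
      <property name="access_key">${env.EXAMPLE_ACCESS_KEY}</property>
      <property name="secret_access_key">${env.EXAMPLE_SECRET_KEY}</property>
      <property name="location">example-bucket</property>
    </protocol>
  </stack>
</stacks></subsystem>
"""

if __name__ == "__main__":
    for stack, prop in find_static_s3_ping_credentials(SAMPLE):
        print(f"stack {stack!r}: literal value in {prop}")
```

The `tcp-env` stack passes this check but still depends on long-lived keys supplied through the environment; only an SDK-based discovery protocol running under an instance role removes the static keys entirely.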