You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In an EC2 instance, the iam/info endpoint exposes (among other things) the ARN of the instance profile associated with the instance. However, with Hologram, there is no instance profile, only an arn. It could generate a fake instance profile based on the role ARN, e.g., if the current role ARN is arn:aws:iam::123456789012:role/MyRole then expose arn:aws:iam::123456789012:instance-profile/MyRole
This will solve one particular class of use case -- clients that expect the iam/info endpoint to exist but don't need it to resolve to the ARN of a real instance profile. See hashicorp/terraform#12704 and hashicorp/terraform#12951 for one such use case. But, it wouldn't solve for the use case where a client expects the returned ARN to correspond to an actual instance profile.
Thoughts?
The text was updated successfully, but these errors were encountered:
This sounds reasonable; hologram already returns fake data for other endpoints, and sanity-preserving instance profiles have the same name as the contained role anyway.
Hologram doesn't expose the
iam/info
endpoint.In an EC2 instance, the
iam/info
endpoint exposes (among other things) the ARN of the instance profile associated with the instance. However, with Hologram, there is no instance profile, only an arn. It could generate a fake instance profile based on the role ARN, e.g., if the current role ARN isarn:aws:iam::123456789012:role/MyRole
then exposearn:aws:iam::123456789012:instance-profile/MyRole
This will solve one particular class of use case -- clients that expect the
iam/info
endpoint to exist but don't need it to resolve to the ARN of a real instance profile. See hashicorp/terraform#12704 and hashicorp/terraform#12951 for one such use case. But, it wouldn't solve for the use case where a client expects the returned ARN to correspond to an actual instance profile.Thoughts?
The text was updated successfully, but these errors were encountered: