Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for iam/info endpoint? #90

Open
joelthompson opened this issue Jun 13, 2017 · 1 comment
Open

Support for iam/info endpoint? #90

joelthompson opened this issue Jun 13, 2017 · 1 comment

Comments

@joelthompson
Copy link
Contributor

Hologram doesn't expose the iam/info endpoint.

In an EC2 instance, the iam/info endpoint exposes (among other things) the ARN of the instance profile associated with the instance. However, with Hologram, there is no instance profile, only an arn. It could generate a fake instance profile based on the role ARN, e.g., if the current role ARN is arn:aws:iam::123456789012:role/MyRole then expose arn:aws:iam::123456789012:instance-profile/MyRole

This will solve one particular class of use case -- clients that expect the iam/info endpoint to exist but don't need it to resolve to the ARN of a real instance profile. See hashicorp/terraform#12704 and hashicorp/terraform#12951 for one such use case. But, it wouldn't solve for the use case where a client expects the returned ARN to correspond to an actual instance profile.

Thoughts?

@zerth
Copy link
Contributor

zerth commented Jul 21, 2017

This sounds reasonable; hologram already returns fake data for other endpoints, and sanity-preserving instance profiles have the same name as the contained role anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants