[chef] Re: Re: Re: Re: Not able to use IAM role with knife ec2 command


  • From: Varun Shankar
  • Subject: [chef] Re: Re: Re: Re: Not able to use IAM role with knife ec2 command
  • Date: Sat, 25 Oct 2014 19:40:09 +0530

I don't see any ambiguity. According to the docs, the server create command given below takes two options:
knife ec2 server create
--iam-profile NAME
The name of the Identity and Access Management (IAM) to apply to this instance.

--use-iam-profile
Use the Identity and Access Management (IAM) profile that is assigned to the current machine.

The first one is the IAM role associated with the node whereas the second one is the IAM role associated with the workstation. The problem is that the second option doesn't work for me. Running "knife ec2 server create --help" doesn't even show this option.

So my question is: Is it possible to use the IAM role associated with the workstation and not keep the EC2 credentials there?

On Sat, Oct 25, 2014 at 6:19 PM, Morgan Blackthorne wrote:

I think that the docs are ambiguous, but when they say "use", they mean "set". That's why it only applies to instance creation. Saying "the profile to apply" is clearer about it being a set operation.

On Oct 24, 2014 10:24 PM, "Varun Shankar" wrote:
My workstation is an ec2 instance having an IAM role. I don't want to keep EC2 credentials on this instance. Knife ec2 should be able to use the IAM role attached to the instance. According to the documentation, the --use-iam-profile parameter does exactly that. But it is not working when I try to use it.

On Thu, Oct 23, 2014 at 9:08 PM, Julian C. Dunn wrote:
$ knife ec2 server create --help|grep profile
        --iam-profile NAME           The IAM instance profile to apply
to this instance.

The help options are going to be specific for the subcommand you're
executing. "--iam-profile" makes no sense in the context of listing
servers.

- Julian

On Thu, Oct 23, 2014 at 6:01 AM, Varun Shankar wrote:
> I am using following version:
> knife-ec2-0.8.0
> Chef: 11.16.0
>
> The documentation here (https://docs.getchef.com/plugin_knife_ec2.html#id7)
> says:
> --use-iam-profile
> Use the Identity and Access Management (IAM) that is assigned to the current
> machine. Default value: false.
>
> But I don't see this option available in knife ec2 command.
>
> ~]$ knife ec2 server list --use-iam-profile
> Error: invalid option: --use-iam-profile
> USAGE: knife ec2 server list (options)
>     -A, --aws-access-key-id KEY      Your AWS Access Key ID
>         --aws-credential-file FILE   File containing AWS credentials as used
> by aws cmdline tools
>     -K SECRET,                       Your AWS API Secret Access Key
>         --aws-secret-access-key
>         --availability-zone          Show availability zones
>     -s, --server-url URL             Chef Server URL
>         --chef-zero-host HOST        Host to start chef-zero on
>         --chef-zero-port PORT        Port to start chef-zero on
>     -k, --key KEY                    API Client Key
>         --[no-]color                 Use colored output, defaults to false
> on Windows, true otherwise
>     -c, --config CONFIG              The configuration file to use
>         --defaults                   Accept default values for all questions
>     -d, --disable-editing            Do not open EDITOR, just accept the
> data as is
>     -e, --editor EDITOR              Set the editor to use for interactive
> commands
>     -E, --environment ENVIRONMENT    Set the Chef environment (except for in
> searches, where this will be flagrantly ignored)
>     -F, --format FORMAT              Which format to use for output
>     -z, --local-mode                 Point knife commands at local
> repository instead of server
>     -n, --no-name                    Do not display name tag in output
>     -u, --user USER                  API Client Username
>         --print-after                Show the data after a destructive
> operation
>         --region REGION              Your AWS region
>     -t, --tags TAG1,TAG2             List of tags to output
>     -V, --verbose                    More verbose output. Use twice for max
> verbosity
>     -v, --version                    Show chef version
>     -y, --yes                        Say yes to all prompts for confirmation
>     -h, --help                       Show this message



--
[ Julian C. Dunn                               * Sorry, I'm    ]
[ WWW: http://www.aquezada.com/staff/julian    * only Web 1.0  ]
[ gopher://sdf.org/1/users/keymaker/           * compliant!    ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9       ]




