From 45270abac7625bc7416d1d7c3f44c5f51f7cfd3d Mon Sep 17 00:00:00 2001 From: Nikhil Benesch Date: Thu, 30 Apr 2015 14:24:51 -0400 Subject: [PATCH] recommend the use of sdk credential file Per @kimpepper's recommendation, recommend the use of the standard AWS SDK credential file in our documentation and missing_credentials error message. Fix #14. --- CHANGELOG.md | 12 ++++++++++++ README.md | 31 ++++++++++++++++++++++++++----- locales/en.yml | 8 +++++++- 3 files changed, 45 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 998f7ac..c590c62 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +## Unreleased + +**Unknown** + +Enhancements: + +* recommend the use of the AWS SDK's centralized credential file [#14] + +Thanks, [@kimpepper][kimpepper]! + ## 1.0.3 **10 March 2015** @@ -72,7 +82,9 @@ Enhancements: [#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7 [#9]: https://github.com/WhoopInc/vagrant-s3auth/issues/9 [#11]: https://github.com/WhoopInc/vagrant-s3auth/pull/11 +[#14]: https://github.com/WhoopInc/vagrant-s3auth/issues/14 [andres-rojas]: https://github.com/andres-rojas +[kimpepper]: https://github.com/kimpepper [vagrant-aws]: https://github.com/mitchellh/vagrant-aws diff --git a/README.md b/README.md index 02a1205..d524bdd 100644 --- a/README.md +++ b/README.md 
@@ -51,13 +51,33 @@ end AWS credentials are read from the standard environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. -If you need to obtain credentials from elsewhere, drop a block like the -following at the top of your Vagrantfile: +You may find it more convenient to use the +[centralized credential file][aws-cred-file] to create a credential +profile. Select the appropriate profile using the `AWS_PROFILE` +environment variable. For example: + +```ini +# ~/.aws/credentials + +[vagrant-s3auth] +aws_access_key_id = AKIAJMEF2VEAT6AXOJZQ +aws_secret_access_key = WkNzH66zoOMTg4q+9eQ6Sf76ehcBrWegj1hjwkey +``` + +```ruby +# Vagrantfile + +ENV['AWS_PROFILE'] = 'vagrant-s3auth' + +Vagrant.configure("2") { |config| ... } +``` + +Alternatively, you can write some Ruby to set the access key directly: ```ruby -creds = File.read(File.expand_path('~/.company-aws-creds')).lines -ENV['AWS_ACCESS_KEY_ID'] = creds[0].chomp -ENV['AWS_SECRET_ACCESS_KEY'] = creds[1].chomp +access_key, secret_key = whizbang_inc_api.fetch_api_creds() +ENV['AWS_ACCESS_KEY_ID'] = access_key +ENV['AWS_SECRET_ACCESS_KEY'] = secret_key ``` ##### IAM configuration @@ -223,6 +243,7 @@ end ``` [aws-403-404]: https://forums.aws.amazon.com/thread.jspa?threadID=56531#jive-message-210346 +[aws-cred-file]: http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs [aws-s3-iam]: http://blogs.aws.amazon.com/security/post/Tx3VRSWZ6B3SHAV/Writing-IAM-Policies-How-to-grant-access-to-an-Amazon-S3-bucket [aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader [aws-user-policy]: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html diff --git a/locales/en.yml b/locales/en.yml index 6d5a148..974f066 100644 --- a/locales/en.yml +++ b/locales/en.yml 
@@ -2,7 +2,7 @@ en: vagrant_s3auth: errors: missing_credentials: |- - Unable to read AWS credentials from the environment. + Unable to find AWS credentials. Ensure the following variables are set in your environment, or set them at the top of your Vagrantfile: @@ -10,6 +10,12 @@ en: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + Alternatively, you can create a credential profile and set the + + AWS_PROFILE + + environment variable. Consult the documentation for details. + malformed_shorthand_url: |- Malformed shorthand S3 box URL:
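Review bot: In the CHANGELOG.md hunk at `@@ -1,3 +1,13`, the new "Unreleased" entry carries `**Unknown**` in the slot where the 1.0.3 entry below it has its release date (`**10 March 2015**`). A placeholder like this is easy to ship by accident; drop the line until the release is cut, or make sure the release checklist replaces it.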
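Review bot: In the README.md hunk at `@@ -51,13 +51,33`, the sample `~/.aws/credentials` profile uses key material that cannot be told apart from a live key pair (`aws_access_key_id = AKIAJMEF2VEAT6AXOJZQ` together with a 40-character secret). If these values were ever real they need to be rotated; either way, replace them with AWS's documented placeholder pair, `AKIAIOSFODNN7EXAMPLE` and `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`, so that secret scanners and readers can see at a glance that nothing sensitive was committed. In the same hunk, the alternative snippet calls `whizbang_inc_api.fetch_api_creds()`, which is not defined anywhere in the visible README text; a one-line comment marking it as a stand-in for the reader's own credential source would prevent copy-paste confusion.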
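Review bot: In the locales/en.yml hunk at `@@ -10,6 +10,12`, the new `missing_credentials` text ends with "Consult the documentation for details." and never names the file that holds the profile, so a user who hits this error still has to go looking. Name `~/.aws/credentials` in the message, as the README hunk does. Separately, the diffstat lists only CHANGELOG.md, README.md and locales/en.yml, so nothing in this patch touches credential lookup itself; please confirm that the existing code already resolves `AWS_PROFILE` from the shared credential file, otherwise the message recommends a setup that still ends in this same error.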