Last active
March 13, 2018 04:08
```ruby
define :docker_ecr_login,
       region: 'us-east-1',
       registry_url: nil do
  include_recipe 'poise-python::default'

  python_package 'awscli' do
    version node['systems']['awscli']['version']
    action :upgrade
  end

  ruby_block 'grab_login_password' do
    block do
      # Tricky way to load the Chef::Mixin::ShellOut utilities
      Chef::Resource::RubyBlock.send(:include, Chef::Mixin::ShellOut)
      # `aws ecr get-login` prints a `docker login -u AWS -p <password> ...`
      # line; field 6 of that line is the password.
      ecr_login_command = 'aws ecr get-login --region ' + params[:region] + '|cut -d " " -f 6'
      # Strip the trailing newline that the shell output carries
      ecr_password = shell_out(ecr_login_command).stdout.strip
      # The pipeline exits with cut's status, so check the output itself
      raise 'aws ecr get-login returned no password' if ecr_password.empty?
      # Never write the token to the log; record only that it was obtained
      Chef::Log.debug('ECR password retrieved')
      # run_state lasts for this Chef run only, so the token is not saved
      # with the node object on the Chef server
      node.run_state['ecr_password'] = ecr_password
    end
    action :create
  end

  docker_registry "https://#{params[:registry_url]}" do
    username 'AWS'
    password lazy { node.run_state['ecr_password'] }
  end
end
```
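The definition above picks the password out of the `aws ecr get-login` output by field position. As an added example (not part of the gist), the hypothetical helper `parse_ecr_login` below reads the `docker login` line by flag name instead, fails loudly on unexpected output, and redacts the token whenever the result is printed or logged; the sample line, account id and token are constructed.

```ruby
require 'shellwords'

# Hypothetical helper (not part of the gist): holds the parsed login line.
# to_s/inspect never include the token, so the object is safe to log.
EcrLogin = Struct.new(:username, :password, :registry) do
  def to_s
    "docker login -u #{username} -p [REDACTED] #{registry}"
  end
  alias_method :inspect, :to_s
end

# Parse the `docker login ...` line by flag name, not by field position.
def parse_ecr_login(output)
  argv = Shellwords.split(output.to_s.strip)
  unless argv[0, 2] == %w[docker login]
    raise ArgumentError, 'not a docker login command (did get-login fail?)'
  end

  opts = {}
  registry = nil
  rest = argv.drop(2)
  until rest.empty?
    arg = rest.shift
    case arg
    when '-u', '--username' then opts[:username] = rest.shift
    when '-p', '--password' then opts[:password] = rest.shift
    when '-e', '--email'    then rest.shift # legacy flag, value ignored
    else registry = arg
    end
  end

  if opts[:password].to_s.empty? || registry.nil?
    raise ArgumentError, 'docker login line has no password or registry'
  end
  EcrLogin.new(opts[:username], opts[:password], registry)
end

# Constructed sample output; the account id and token are placeholders.
SAMPLE = "docker login -u AWS -p c2FtcGxlLXRva2Vu -e none " \
         "https://123456789012.dkr.ecr.us-east-1.amazonaws.com\n"

login = parse_ecr_login(SAMPLE)
puts login # prints the redacted form only
```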
I notice that the code installs the AWS CLI, but it does not configure it with any IAM auth credentials before calling the ecr get-login
command; I wonder how that works, anyone know? :\
I guess it's more of an AWS question than a Chef question, but it is still holding me up.
Edit: Well, I answered my own question: Using AWS IAM roles and instance profiles; the AWS CLI will automatically assume the role assigned to the EC2 instance it is being executed on.
Nice, thanks