Comments (5)
Sounds like you need to ensure the IAM role has access to all regions.
I believe you can use a `*` for the region in the ARN for the permission. [1][2]
You can then either let chamber infer its own region using the Metadata API or keep `AWS_REGION` set to the current region instead of the region you created the parameter in.
@ejcx and @dfuentes, please correct me if I'm wrong.
[1] https://aws.amazon.com/blogs/mt/the-right-way-to-store-secrets-using-parameter-store/
[2] http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html
from chamber.
Yuck! I don't think we considered this too much.
I think the easy fix is to have an extra ENV var like you pointed out, or some other mechanism so you don't clobber your `AWS_REGION` variable.
I can also think of a kind of hacky way to do this where you export the secrets to an encrypted file (with a key that is generated on the fly). Then there are more ways to run your program than just `chamber exec`, and it can still be secure and you avoid clobbering your region.
@dfuentes is honestly the sane one here though =]. I'll chat with him about it.
from chamber.
Hey, thanks for the responses. I had a think about some kind of wrapper around chamber exec, but thought I'd bring up the env var suggestion, as it's a fair bit less work ;)
Thanks
from chamber.
Totally seems reasonable to add an override environment variable. I will draft up a PR for this
from chamber.
Thanks so much for this!
from chamber.