How do we integrate AWS ECS with CyberArk Conjur?

Hi All,

Can someone please suggest how we can integrate ECS with CyberArk Conjur?

I don’t find any CyberArk document on this requirement.

Regards,
Phani.G

I believe Conjur’s AWS IAM Authenticator (docs) should help you here, as ECS deploys containers to EC2 instances.

The AWS IAM Authenticator allows an AWS resource to use its AWS IAM role to authenticate with Conjur. This approach enables EC2 instances and Lambda functions to access credentials stored in Conjur.

Maybe @joe.garcia (author of this related blog post: AWS IAM Authenticator Tutorial For Conjur Open Source) could confirm? Any experience integrating ECS with Conjur?

Hey @phanimngr,

I run authn-iam in ECS in my AWS lab. Just make sure the task definition IAM role matches the role you’ve configured as the Host Identity role.

Here is the repository I created for the demo: GitHub - infamousjoeg/authn-iam-ec2-demo: A demonstration using @CyberArk Conjur's authn-iam integration with AWS EC2. The Dockerfile in that repository is what I used for testing and it worked great. To run the Python script, you’ll need to run aws ecs exec into the container to kick it off. The container is deployed with the entrypoint sleep infinity so it just sits there doing nothing.

TL;DR - Make sure the task definition IAM role matches your host identity and it’ll work.


Thanks Jhon & Joe!!

It really helps me.

Regards,
Phani.G

As a follow-up, I’ve since made the demo in its own repository and the container now runs as a service outputting to the “Logs” tab in ECS instead of stdout requiring exec inside the container.
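The role-matching requirement discussed in this thread can be checked before deploying. The following is an added example, not code from the demo repository or from CyberArk: it derives the Conjur login a task would need from the ARN that STS reports inside the container and compares it with the configured host. It assumes the authn-iam host naming convention `host/<policy>/<aws-account-id>/<iam-role-name>`; the function names, the policy name `demo-app`, the account ID and the role names are constructed for illustration.

```python
import re

# Shape of the ARN that STS GetCallerIdentity returns inside an ECS task:
# arn:aws:sts::<account-id>:assumed-role/<role-name>/<session-name>
_ASSUMED_ROLE = re.compile(
    r"^arn:aws[a-z-]*:sts::(?P<account>\d{12}):"
    r"assumed-role/(?P<role>[\w+=,.@-]+)/(?P<session>[^/]+)$"
)


def expected_login(caller_arn, policy_prefix):
    """Conjur login a task must have been granted, derived from its STS ARN.

    Assumes the authn-iam convention host/<policy>/<account-id>/<role-name>.
    """
    m = _ASSUMED_ROLE.match(caller_arn)
    if m is None:
        # IAM users, root, or federated identities are not role sessions.
        raise ValueError("not an assumed-role ARN: %r" % caller_arn)
    return "host/%s/%s/%s" % (policy_prefix.strip("/"), m["account"], m["role"])


def check_host_identity(caller_arn, configured_login, policy_prefix):
    """Return (matches, expected). Conjur IDs compare case-sensitively."""
    expected = expected_login(caller_arn, policy_prefix)
    return configured_login == expected, expected


if __name__ == "__main__":
    # Constructed sample values; on a real task the ARN would come from
    # boto3.client("sts").get_caller_identity()["Arn"] run in the container.
    arn = "arn:aws:sts::123456789012:assumed-role/conjur-demo-task-role/0f1e2d3c4b5a"
    for login in (
        "host/demo-app/123456789012/conjur-demo-task-role",       # task role
        "host/demo-app/123456789012/conjur-demo-execution-role",  # wrong role
    ):
        ok, expected = check_host_identity(arn, login, "demo-app")
        print("OK      " if ok else "MISMATCH", login, "(expected %s)" % expected)
```

The second sample login shows a common ECS mix-up: containers receive credentials for the task role, not the task execution role, so a host defined for the execution role will not match.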