Summon Provider for EC2 IAM roles

Hi everyone,

I created a simple Conjur Summon provider that will use an EC2’s IAM role to authenticate to Conjur and then pull secrets.

Regards,
Andrew

3 Likes

Awesome, thanks for this @AndrewCopeland!

Do you by chance have any examples you can share of it in action? Like a real-world use case we might be able to use it for?

Kind of like what is written up here for Docker:

https://cyberark.github.io/summon/docker.html

1 Like

It looks like there’s some info about that here: https://github.com/AndrewCopeland/conjur-iam-api-key#summon-usage. Definitely check out the README if you’re curious about using this in AWS!

It’s worth noting also that this tool can be used as a Python library for the IAM authenticator :slight_smile:

Thanks for sharing @AndrewCopeland!

Great question @joe.garcia. So in this use case I have an EC2 instance that is used as an agent to push binaries to Artifactory.

Given the secrets.yml:

ARTIFACTORY_USERNAME: !var ci/artifactory/username
ARTIFACTORY_PASSWORD: !var ci/artifactory/password

And the environment variables:

export CONJUR_APPLIANCE_URL=https://conjur.yourorg.com
export AUTHN_IAM_SERVICE_ID=dev
export CONJUR_AUTHN_LOGIN=host/cust-portal/<aws-account-id>/<iam-role-name>
export CONJUR_CERT_FILE=./conjur-dev.pem
export CONJUR_ACCOUNT=dev

And the jar file is called:
Maven-Upload-1.1.jar

I can execute the following command to upload my .jar:

summon -p ./iam_provider.py bash -c 'curl -X PUT -u "$ARTIFACTORY_USERNAME:$ARTIFACTORY_PASSWORD" -T Maven-Upload-1.1.jar "http://localhost:8081/artifactory/libs-release-local/Maven-Upload-1.1.jar"'

Regards,
Andrew

2 Likes
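
How the quoting of a `summon ... bash -c` command like the one above decides which shell expands the secret variables, as an added example that is not part of the original posts. `fake_summon` is a hypothetical stand-in that injects constructed values the way summon does (only into the environment of the child it launches), so the script runs without Conjur or Artifactory.

```shell
#!/bin/sh
# Added example, not the provider's own code. fake_summon is a hypothetical
# stand-in for `summon -p ./iam_provider.py`; the values are constructed.
fake_summon() {
  env ARTIFACTORY_USERNAME=ci-bot ARTIFACTORY_PASSWORD=constructed-secret "$@"
}

# Double quotes: the calling shell expands the variables before summon runs.
# $1/$2 model what the calling shell holds at that moment (empty or stale).
double_quoted() (
  ARTIFACTORY_USERNAME=$1 ARTIFACTORY_PASSWORD=$2
  fake_summon bash -c "printf '%s' \"$ARTIFACTORY_USERNAME:$ARTIFACTORY_PASSWORD\""
)

# Single quotes: the text reaches the child bash unexpanded, and that bash
# reads the values from the environment summon populated.
single_quoted() (
  ARTIFACTORY_USERNAME=$1 ARTIFACTORY_PASSWORD=$2
  fake_summon bash -c 'printf "%s" "$ARTIFACTORY_USERNAME:$ARTIFACTORY_PASSWORD"'
)

# Fail closed: ${VAR:?} aborts the child when a secret was never injected,
# instead of sending an empty username or password.
guarded_without_summon() (
  unset ARTIFACTORY_USERNAME ARTIFACTORY_PASSWORD
  bash -c 'printf "%s" "${ARTIFACTORY_USERNAME:?unset}:${ARTIFACTORY_PASSWORD:?unset}"' 2>/dev/null
)

echo "double quotes, nothing set in caller: '$(double_quoted "" "")'"
echo "double quotes, stale values in caller: '$(double_quoted stale-user stale-pass)'"
echo "single quotes, stale values in caller: '$(single_quoted stale-user stale-pass)'"
guarded_without_summon || echo "guard: child refused to run without injected secrets"
```

With double quotes the child never sees the values fetched from Conjur: it gets either empty credentials or whatever stale values the calling shell already held.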