You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Update terraspace so it can operate with AWS CLI session tokens provided by AWS_CONTAINER_CREDENTIALS_FULL_URI
Motivation
Due to organizational policies, I can only assume a role suitable for terraspace deployments for one hour. However, some of our terraspace stack operations take longer than that. We use aws-vault to establish AWS CLI sessions. aws-vault has a --server option that refreshes credentials on-demand, avoiding the 1-hour limitation. However, terraspace does not support this mechanism (AWS_CONTAINER_CREDENTIALS_FULL_URI) yet.
Reference-level explanation
Today, we run terrapace like this:
aws-vault exec test -- TS_ENV=test terraspace up my-stack
We would like to run it like this for long-running operations:
aws-vault exec test --server -- TS_ENV=test terraspace up my-stack
Drawbacks
N/A
Unresolved Questions
N/A
The text was updated successfully, but these errors were encountered:
Summary
Update terraspace so it can operate with AWS CLI session tokens provided by AWS_CONTAINER_CREDENTIALS_FULL_URI
Motivation
Due to organizational policies, I can only assume a role suitable for terraspace deployments for one hour. However, some of our terraspace stack operations take longer than that. We use
aws-vaultto establish AWS CLI sessions.aws-vaulthas a--serveroption that refreshes credentials on-demand, avoiding the 1-hour limitation. However, terraspace does not support this mechanism (AWS_CONTAINER_CREDENTIALS_FULL_URI) yet.Reference-level explanation
Today, we run terrapace like this:
We would like to run it like this for long-running operations:
Drawbacks
N/A
Unresolved Questions
N/A
The text was updated successfully, but these errors were encountered: