This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-11-03
Channels
- # announcements (35)
- # aws (20)
- # babashka (4)
- # beginners (88)
- # cider (9)
- # clara (1)
- # clj-kondo (6)
- # cljsrn (3)
- # clojure (107)
- # clojure-dev (7)
- # clojure-europe (99)
- # clojure-nl (3)
- # clojure-spec (9)
- # clojure-uk (2)
- # clojurescript (28)
- # core-async (53)
- # cursive (11)
- # datascript (1)
- # datomic (2)
- # emacs (20)
- # fulcro (3)
- # graalvm (4)
- # holy-lambda (18)
- # jobs (1)
- # kaocha (7)
- # leiningen (2)
- # lsp (25)
- # luminus (1)
- # membrane-term (52)
- # missionary (8)
- # nextjournal (19)
- # off-topic (16)
- # other-languages (3)
- # podcasts-discuss (2)
- # polylith (23)
- # re-frame (4)
- # reclojure (6)
- # remote-jobs (1)
- # rewrite-clj (36)
- # ring (1)
- # sci (10)
- # shadow-cljs (7)
- # spacemacs (5)
- # sql (20)
- # uncomplicate (1)
- # vscode (3)
- # xtdb (27)
Hi @devn. You're correct — aws-api does not include a built-in provider for the assume role scenario. You can write one and add it in, if you'd like. Here's a POC https://gist.github.com/kennyjwilli/c640f76845451cb145cedaee790d4f9a
@devn if you need more inspiration - here are two developed by my team( for ECS and SSO profiles): https://gist.github.com/lukaszkorecki/120008f7832e23702e94f4205b8e3df5
beautiful. i wonder: is there any chance the aws-api default-credentials-provider will expand in the near future to include these kinds of things, or is the vibe like: “well, you can make your own provider, so no”
I believe it's the 2nd option, my understanding is that aws-api is just for communication with the API itself, how you authorize it is up to you
it's not an equivalent of the official AWS SDK basically, which comes with a lot of extra functionality beyond API integration (for example S3 request pre-signing is a SDK feature, not covered by the API)
if i were more ambitious id probably try to build out some of these providers and drop them in a lib because for instance, sts assume role is not a rare case
yeah, we have an internal wrapper around aws-api which does exactly that (+ a couple of other things that we needed)
I got the question. Why you don’t use official SDK V2 if you know that there are some limitations that you face in aws-api? Not a rant or anything like that, just curiosity.
depends on what you want to do, I think it's ok to use both if you can get best of both worlds (like presigned signature calculation or multipart parallel S3 downloads with TansferManager, but have a more data like access to other APIs)
heh, we can't disclose too much of our secret sauce 😉
@karol.wojcik that's a fair question, right now we use the official SDK only for s3 url presigning, but we keep extending our usage of S3 apis, and they way they're modeled in aws-api is way easier to handle than the interop - in this case it's pretty verbose when using the Java SDK
literally just did a presigned URL thing and ultimately decided to just skip using aws-api due to credentials providers and this
yeah, if it's only about that - I wouldn't bother with aws-api, but as I mentioned - we use S3 in a lot of different ways beyond get/put/delete
i would love to have been able to use it without feeling like i was forcing the issue to stay in clojure-y land
Got it. You have to keep aws-api for consistency and because it makes easier to reason about the code.