LabVIEW Cloud Toolkits

cancel
Showing results for 
Search instead for 
Did you mean: 

Logon to S3 with I AM ROLE

Hi,

 

has anyone tried to upload and download the files from S3 with the I AM role option? Is there any support available for the same using the toolkit?

 

I could logon to the Personal s3 using the keys (Access and Secret Keys), but to access the Organization S3, it needs to be done using the IAM role (through an Amazon EC2 server). So if anyone has any experience on this topic, please suggest or share any sample code

Regards
Guru (CLA)
0 Kudos
Message 1 of 4
(2,436 Views)

Hi,

 

I've never tried out authentication through an IAM role, but I think it should be feasible. This AWS documentation brought me up to speed on the concept on a high level.

Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances

 

For actual implementation in a LabVIEW app, it looks like EC2 instances are hosting a local service that you can perform a HTTP GET to get the temporary access key and secret keys that have been granted to that specific EC2 instance. Then the keys returned can be used how you've normally accessed the s3 buckets through the AWS toolkit.

Retrieving Security Credentials from Instance Metadata

 

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access

 

The following is example output.

 

{
  "Code" : "Success",
  "LastUpdated" : "2012-04-26T16:39:16Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "ASIAIOSFODNN7EXAMPLE",
  "SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  "Token" : "token",
  "Expiration" : "2017-05-17T15:09:54Z"
}

 

Hopefully that works out for you!

 

Danny Funk -- Group Manager -- LabVIEW R&D -- National Instruments
0 Kudos
Message 2 of 4
(2,430 Views)

Hi,

 

I don't understand where you are suppose to put the security token you will receive with your temporary credentials. The AWS Credentials typedef in input of every vi of the Tool Kit seems to have only room for access key and secret key but according to https://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html the security token has to be added to the header of every request. Am I missing something or will it be necessary to modify the Tool Kit to accept authentication with the security token

 

 

0 Kudos
Message 3 of 4
(2,205 Views)

I suspect this can be achieved by CLI and the toolkit is not able to do this.

0 Kudos
Message 4 of 4
(2,201 Views)