I hereby claim:
- I am inkblot on github.
- I am nriffe (https://keybase.io/nriffe) on keybase.
- I have a public key whose fingerprint is 0DAC F5CB D182 3165 D757 C466 CD42 12A8 05A0 58E0
To claim this, I am signing this object:
ECS task roles are a great security feature, but they are hard to set up.
The Amazon ECS documentation on setting up task roles tells you to do some questionable things. Among other things, it tells you to run the ECS agent with host networking (a security risk), use an iptables rule to cut off traffic from bridged containers to the host metadata (brittle), and set up additional iptables rules and sysctl settings to route 169.254.170.2:80 to the ECS agent on 127.0.0.1:51679 (brittle again).
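Because these host settings are easy to lose, here is an added example (not code from this gist) that audits them from `iptables-save` text and the `route_localnet` value. The function names, the exact rule shapes it matches, and the `docker+` interface pattern are assumptions; the sample rules are constructed.

```shell
#!/bin/bash
# Added example (not the gist's code): audit the host plumbing for ECS task roles.
CRED_IP="169.254.170.2"     # task credential endpoint, from the text
AGENT_PORT="51679"          # ECS agent on 127.0.0.1, from the text
IMDS_IP="169.254.169.254"   # instance metadata address

# has_rule RULES CHAIN STRING...: true if a single "-A CHAIN" line holds every STRING.
has_rule() {
    hr_rules="$1"; hr_chain="$2"; shift 2
    hr_hits=$(printf '%s\n' "$hr_rules" | grep -F -- "-A $hr_chain " || true)
    for hr_s in "$@"; do
        hr_hits=$(printf '%s\n' "$hr_hits" | grep -F -- "$hr_s" || true)
    done
    [ -n "$hr_hits" ]
}

# audit_task_role_host RULES ROUTE_LOCALNET: prints each missing piece and
# returns how many are missing (0 = all present).
audit_task_role_host() {
    at_rules="$1"; at_missing=0
    if [ "$2" != "1" ]; then
        echo "MISSING sysctl net.ipv4.conf.all.route_localnet=1"; at_missing=$((at_missing + 1))
    fi
    if ! has_rule "$at_rules" PREROUTING "-d $CRED_IP/32" "--dport 80 " \
            "-j DNAT" "--to-destination 127.0.0.1:$AGENT_PORT"; then
        echo "MISSING nat PREROUTING DNAT to 127.0.0.1:$AGENT_PORT"; at_missing=$((at_missing + 1))
    fi
    if ! has_rule "$at_rules" OUTPUT "-d $CRED_IP/32" "--dport 80 " \
            "-j REDIRECT" "--to-ports $AGENT_PORT"; then
        echo "MISSING nat OUTPUT REDIRECT to port $AGENT_PORT"; at_missing=$((at_missing + 1))
    fi
    if ! has_rule "$at_rules" FORWARD "-d $IMDS_IP/32" "-i docker+" "-j DROP"; then
        echo "MISSING FORWARD DROP from docker+ to $IMDS_IP"; at_missing=$((at_missing + 1))
    fi
    return "$at_missing"
}

# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE_RULES='*nat
-A PREROUTING -d 169.254.170.2/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:51679
-A OUTPUT -d 169.254.170.2/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 51679
COMMIT
*filter
-A FORWARD -d 169.254.169.254/32 -i docker+ -j DROP
COMMIT'

audit_task_role_host "$SAMPLE_RULES" 1 && echo "all task-role host settings present"
```

On a real host, pass `"$(iptables-save)"` and `"$(sysctl -n net.ipv4.conf.all.route_localnet)"` as the two arguments.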
#!/bin/bash
_SELF="${0##*/}"
_HERE="$(dirname $(realpath ${0}))"
function parse_url() {
local url _url __url proto uphp user_pass host_port user pass host port path query_string
url="${1}"
#!/bin/bash
_SELF="${0##*/}"
_HERE="$(dirname $(realpath ${0}))"
function aws_instance_profile_arn() {
curl -s http://169.254.169.254/2019-10-01/meta-data/iam/info | jq -r .InstanceProfileArn
}
function aws_instance_profile_name() {