Request for classic confinement: skuld


#1

Hello,

I created a snap called skuld that allows users of the AWS CLI/SDK to generate temporary credentials with an MFA device and store them in their .aws/credentials under a an AWS profile to use when calling the AWS API (via the cli or SDK). skuld itself is a terminal program.

Together with a correct policy in AWS, skuld can be used to force the usage of an MFA device with the AccessKey/SecretKey credentials.

skuld manipulates the ~/.aws/credentials and ~/.aws/config files and therefore requires classic confinement. An alternative would be to have an interface to allow access the ~/.aws directory (the ~/.aws interface would useful for all kinds of cli tools and apps that needs AWS credentials).


#2

Hello,

Any progress on this issue? Is something incorrect the snap registration?

cheers, stan.


#3

@niemeyer - thoughts? We recently added a juju-client-observe interface. I suspect this would be aws-control?