I created a snap called
skuld that allows users of the AWS CLI/SDK to generate temporary credentials with an MFA device and store them in their
.aws/credentials under a an AWS profile to use when calling the AWS API (via the cli or SDK).
skuld itself is a terminal program.
Together with a correct policy in AWS,
skuld can be used to force the usage of an MFA device with the AccessKey/SecretKey credentials.
skuld manipulates the
~/.aws/config files and therefore requires classic confinement. An alternative would be to have an interface to allow access the
~/.aws directory (the
~/.aws interface would useful for all kinds of cli tools and apps that needs AWS credentials).
Any progress on this issue? Is something incorrect the snap registration?
@niemeyer - thoughts? We recently added a juju-client-observe interface. I suspect this would be aws-control?
@niemeyer - can you comment?
@jdstrand This sounds like a good fit for that new interface we discussed in the sprint last week, that would allow access to specific directories, but only after review.
@stanhbb Do you have a link for the project and source code?
Ok. This is captured in trello and assigned to me after a few other things. It should make the next snapd release.
@niemeyer: you can see the code here: https://github.com/DEEP-IMPACT-AG/skuld
the new interface sounds great; i would prefer something like that classic confinement.
Did this make the next snapd release? Which one?
@popey - it is not implemented yet. Sorry. @niemeyer - since this isn’t implemented yet, should we consider this snap for classic?
The interface is up for review and should be on the next release.
You may follow its development here: