Request personal-files permission for reading ~/.aws/{config|credentials} in aws-serverless-dataflow

Hi,

aws-serverless-dataflow is a tool that can survey resources in the user’s AWS account and generate visualisations. In order to access the user’s AWS account, the tool uses AWS’s official SDK, which expects configuration and credentials to be set up in the ~/.aws/config and ~/.aws/credentials files.

Since those files are under the hidden directory ~/.aws, the “home” interface does not help. The “personal-files” interface is needed for reading those files.

Can I request an approval of this usage? The source code is available at https://github.com/james-hu/aws-serverless-dataflow. Listing page is here: https://snapcraft.io/aws-serverless-dataflow.

Thanks, James

Hi @james-hu ,

Since it’s clear that aws-serverless-dataflow requires access to AWS configuration and credentials files, I am +1 for use of the $HOME/.aws/config and $HOME/.aws/credentials files, but not auto-connect, since aws-serverless-dataflow is not the owner of such directories.

@james-hu can you please make sure your snap description explains to users that your snap is requiring access to their credentials files? I would also make sure you clarify this is not an official AWS snap (@Igor do you have any specific recommendation in this regard?).

Thanks!

@emitorino Sure I will add description about the file access, and will explain that it is not an official AWS snap. Thanks!

Listing updated with the description: https://snapcraft.io/aws-serverless-dataflow

Could you please add a note to the description that this is not an AWS tool?

@igor Do you think this would work:

Please note that this tool is not provided nor endorsed by AWS, and if you want it to utilise your AWS credentials and configurations stored under ~/.aws, you will need to explicitly grant it the permission to do so either through GUI or sudo snap connect aws-serverless-dataflow:dot-aws-config-credentials.

+1 for allowing aws-serverless-dataflow to connect $HOME/.aws/config and $HOME/.aws/credentials without auto-connect. FWIW, I think the description text above looks good too :slight_smile:

Looks great! +1 from me on this request.

Just noticed the grammar error and fixed it by changing “nor” to “or”. Now on the listing page it should show (you may need to clear browser cache and refresh) this:

Please note that this tool is not provided or endorsed by AWS, and if you want it to utilise your AWS credentials and configurations stored under ~/.aws, you will need to explicitly grant it the permission to do so either through GUI or sudo snap connect aws-serverless-dataflow:dot-aws-config-credentials.

BTW, today I tried to publish the snap again and saw a new error message: “human review required due to ‘allow-installation’ constraint”. Is this a new error caused by something else, or just reflecting the fact that my personal-files permission request is still being reviewed?

Yes, as this request is still in the 7 day voting period, it has not been actioned yet on the store-side, and so the original error is still seen:

 human review required due to 'allow-installation' constraint (bool) declaration-snap-v2_plugs_installation (dot-aws-config-credentials, personal-files) 

I see. Thanks!

(it is interesting that the system requires reply to be at least 20 characters)

+3 votes for, 0 against. Granting aws-serverless-dataflow use of personal-files to access $HOME/.aws/config and $HOME/.aws/credentials without auto-connect. This is now live.
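
For reference, a plug declaration matching what was granted in this thread, as an added example that is not taken from the project's own snapcraft.yaml. The plug name and the two paths come from the thread; the app entry, its command and the network plug are assumptions.

```yaml
# Fragment of a snapcraft.yaml (constructed example).
name: aws-serverless-dataflow

plugs:
  # Named instance of the personal-files interface. The name is what
  # appears after the colon in "snap connect <snap>:<plug>".
  dot-aws-config-credentials:
    interface: personal-files
    # Read-only access, limited to the two files the AWS SDK needs.
    # The "home" interface does not cover hidden files or directories
    # at the top level of $HOME, which is why this plug is required.
    read:
      - $HOME/.aws/config
      - $HOME/.aws/credentials

apps:
  aws-serverless-dataflow:
    command: bin/aws-serverless-dataflow   # hypothetical path
    plugs:
      - network                            # assumed: needed to call AWS APIs
      - dot-aws-config-credentials

# The grant above is without auto-connect, so the plug stays
# disconnected after install until the user connects it:
#   sudo snap connect aws-serverless-dataflow:dot-aws-config-credentials
```

Until the plug is connected, confinement denies reads of both files, so the user has to opt in before the snap can use their credentials.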