[cs615asa] EC2_CERT and EC2_PRIVATE_KEY question
Jan Schaumann
jschauma at stevens.edu
Sun Apr 19 11:24:19 EDT 2015
JoaoPaulo Rodrigues <jrodrig9 at stevens.edu> wrote:
> Going through some documentation (
> http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-common-args-api.html)
> I noticed that EC2_CERT and EC2_PRIVATE_KEY have been deprecated. Should we
> be using environment variables for the access_key and the secret_access_key
> instead?

Because using the 'ec2-*' tools is deprecated, you should not use them.
Instead, you should use the 'aws' command. That requires you to have
your credentials set up correctly via a configuration file, pointed to
by the AWS_CONFIG_FILE environment variable.

As per the ec2-backup manual page provided to you:

    ec2-backup assumes that the user has set up their environment for
    general use with the EC2 tools. That is, it will not set or modify
    the variables AWS_CONFIG_FILE, EC2_CERT, EC2_HOME or EC2_PRIVATE_KEY.

If you write ec2-backup to not use the 'aws' command-line tool for
interactions with AWS and you need to get the access key, then you've
painted yourself in a corner. You _can_ make that work, but it requires
more effort than likely necessary. That is, you'd have to:

- check for existence of AWS_CONFIG_FILE
- if it exists, parse it correctly and handle all possible bogus input from it
- if it doesn't exist, attempt to fall back to the deprecated EC2_CERT
  and EC2_PRIVATE_KEY options
- handle the possible error scenarios of each of those being bogus
- handle the possible error scenarios from reading the various files

Adding code for all this is likely to introduce bugs, unexpected errors
and user-interactions, and make your tool more brittle.

I'd recommend against this and would instead suggest you use the 'aws'
command-line utility for interactions with AWS.

-Jan
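
An added example, not part of the original message and not the course's ec2-backup code: a POSIX shell preflight check that follows the recommendation above by never reading, parsing or modifying credential material itself and leaving that to the 'aws' command. The function name check_aws_env, its exit codes, and the choice of 'aws sts get-caller-identity' as the authenticated test call are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: environment preflight for a tool that delegates all AWS
# interaction to the 'aws' CLI. It does not set or modify AWS_CONFIG_FILE,
# EC2_CERT, EC2_HOME or EC2_PRIVATE_KEY, and never opens the config file.
#
# check_aws_env (hypothetical name) returns:
#   0  environment usable
#   2  'aws' command not found in PATH
#   3  AWS_CONFIG_FILE is set but does not point to a readable file
#   4  'aws' itself rejected the configuration or credentials
check_aws_env() {
    command -v aws >/dev/null 2>&1 || {
        echo "ec2-backup: 'aws' command not found in PATH" >&2
        return 2
    }

    # Only test that the file can be read; its contents are aws's business,
    # so no access key or secret ever passes through this script.
    if [ -n "${AWS_CONFIG_FILE:-}" ] && [ ! -r "$AWS_CONFIG_FILE" ]; then
        echo "ec2-backup: AWS_CONFIG_FILE not readable: $AWS_CONFIG_FILE" >&2
        return 3
    fi

    # Let aws parse the configuration and report bogus input itself.
    # Assumption: any cheap authenticated call would serve here.
    # The redirection order captures stderr only and discards stdout.
    if ! err=$(aws sts get-caller-identity 2>&1 >/dev/null); then
        echo "ec2-backup: aws could not authenticate: $err" >&2
        return 4
    fi
    return 0
}
```
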