If you try to mount from a CloudShell environment, mount_efs complains that it can't find credentials. I have to get temporary credentials and create an .aws/credentials file for it.
CloudShell provides a very limited IMDSv2-like endpoint that can be used for this purpose:
```
$ TOKEN=$(curl -XPUT localhost:1338/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
$ curl localhost:1338/latest/meta-data/container/security-credentials -H "X-aws-ec2-metadata-token: $TOKEN"
{
  "LastUpdated": "1970-01-01T00:00:00Z",
  "Type": "",
  "AccessKeyId": "ASIAYYF...",
  "SecretAccessKey": "UJbW..5k",
  "Token": "IQo..MA==",
  "Expiration": "2025-05-15T17:06:59Z",
  "Code": "Success"
}
```
Unfortunately, that endpoint apparently can't be used to retrieve anything else, like the region.
Another, more general option would be to support the usual credential environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`. That would allow me to just paste in the export commands from the SSO access portal, instead of having to edit them into the credentials file format.
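The workaround described in the issue, as an added example that is not part of the original issue or of efs-utils: it validates a response shaped like the one above, rejects expired or malformed credentials, and writes them in credentials file format with owner-only permissions. The function names, the `default` profile and the sample values are assumptions made for illustration.

```python
import json
import os
from datetime import datetime, timezone

# Constructed sample shaped like the response above; every value is fake.
SAMPLE = """{"LastUpdated": "1970-01-01T00:00:00Z", "Type": "",
 "AccessKeyId": "ASIAEXAMPLEEXAMPLE", "SecretAccessKey": "constructed-secret",
 "Token": "constructed-token", "Expiration": "2099-01-01T00:00:00Z",
 "Code": "Success"}"""

REQUIRED = ("AccessKeyId", "SecretAccessKey", "Token", "Expiration")


def parse_credentials(body, now=None):
    """Validate the endpoint's JSON; return (fields, expiry as aware datetime)."""
    doc = json.loads(body)
    if doc.get("Code") != "Success":
        raise ValueError("endpoint returned Code=%r" % doc.get("Code"))
    for key in REQUIRED:
        value = doc.get(key)
        # Reject empty values and embedded whitespace, which could inject
        # extra lines into the INI-style credentials file.
        if not isinstance(value, str) or not value or any(c.isspace() for c in value):
            raise ValueError("bad or missing field: " + key)
    expiry = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    expiry = expiry.replace(tzinfo=timezone.utc)
    if expiry <= (now or datetime.now(timezone.utc)):
        raise ValueError("credentials expired at " + doc["Expiration"])
    return doc, expiry


def render_profile(doc, profile="default"):
    """Render one profile section in the shared credentials file format."""
    return ("[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n"
            "aws_session_token = %s\n"
            % (profile, doc["AccessKeyId"], doc["SecretAccessKey"], doc["Token"]))


def write_credentials(path, text):
    """Write the file readable by the owner only, even if it already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)
        fh.write(text)


if __name__ == "__main__":
    fields, expires = parse_credentials(SAMPLE)
    print(render_profile(fields), end="")
    print("# expires", expires.isoformat())
```

Because the credentials are temporary, the returned expiry indicates when the file has to be regenerated.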