These are python 2 and 3 snippets showing how to generate headers to authenticate with HashiCorp's Vault using the AWS authentication method. There's also a Ruby implementation which uses version 3 of the AWS SDK for Ruby.
The python scripts look for credentials in the
default boto3 locations;
if you need to supply custom credentials (such as from an AssumeRole
call), you would use the
botocore.session.set_credentials
method before calling create_client
.
The ruby script looks for credentials from the default SDK locations.
Thanks to @copumpkin for much of the original python 2 implementation (provided privately) on which this was based.
Thanks to @stark525 for starting the python 3 port, on which the python 3 implementation is based.
Does anyone have a NodeJS variant? I'm struggling in figuring out how to add the custom
X-Vault-AWS-IAM-Server-ID
header. Using AWS Node.js SDK - https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#getCallerIdentity-property, but it doesn't look like there is a way to add to the request headers (unless I'm missing something)...