Log InSign UpBlogRelease Notes

IAM Role Delegation Configuration

Suggest Edits

Scalr supports the use of IAM Role Delegation for AWS Credentials.

To enable this feature the role-delegation configuration must be added to the scalr-server.rb file and a reconfigure must be run.

This configuration specifies the role (via the access keys) to be used along with the principal account ID that will be required when setting trusted relationships to this role.

Scalr will automatically generate single use, short life access keys to be added to a workspaces during a run.

  1. Edit /etc/scalr-server/scalr-server.rb and add a configuration block as shown below with the required substituted values.
app[:configuration] = {
    "scalr" => {
        "aws" => {
          "role_delegation" => {
            "account_types" => {
              "regular" => {
                "access_key_id" => "<access-key-id>",
                "secret_access_key" => "<secret-access-key>",
                "principal_account" => "<account-id>",
                "session_duration" => 3600 # in seconds, optional. 3600 used by default. Use either for AssumeRole action and Role creation through CloudFormation
              },
              #Only use below if cn cloud is needed
              #"cn-cloud" => {
              #  ... # same options as for regular
              #},
              #Only use below if gov cloud is needed
              #"gov-cloud" => {
              #  ... # same options as for regular
              #}
            }
          }
        }
      }
    }
  1. Reconfigure the Scalr server:
/opt/scalr-server/bin/scalr-server-ctl reconfigure

The Role Delegation option will now be available in the AWS cloud credentials screen.

Updated over 1 year ago