Accessing AWS Credentials


#1

We have an AWS Cloud Provider configured with the proper Access Key and Secret Access Key. When using an automate method / Service Item, how can I access them? I would not like them to be neither hardcoded nor passed through in a dialog.


Get AWS credentials from the MIQ AWS provider
#2

Hi,

Here’s a method I use to access and get an AWS object from a ManageIQ AWS Cloud Provider:

 def get_aws_object(ext_mgt_system, type="EC2")
    require 'aws-sdk'
    AWS.config(
      :access_key_id => ext_mgt_system.authentication_userid,
      :secret_access_key => ext_mgt_system.authentication_password,
      :region => ext_mgt_system.provider_region
      )
    return Object::const_get("AWS").const_get("#{type}").new()
end

I presume you know how to get the ext_management_system object in Automate already?


#3

Yes I do…I was trying to use ext_management_system but was getting back a null, which led me to believe it wasn’t possible to use it for what I needed. But this method is great, thanks for the help! I’ll have to just work on seeing why I can’t grab the object.


#4

If you can’t find the ext_management_system object, it can always be obtained from a VM object that you know is managed by that ,Amazon account ie:

vm.ext_management_system

Or you can seach the VMDB for Amazon type management systems like so:

list_of_amazon_systems = $evm.vmdb(:ems_amazon).all

#5

I tried using the method you mention - I’m a MIQ newbie
firstly it seems ems_amazon is now deprecated
and secondly - I believe the structure of the ext_management_systems itself has changed

I’m using the latest RedHat CLoudforms 4.5 - could you please help me.

I’m trying to get the credentials of the AWS provider - so I can use it along with the API/CLI to interact with AWS services that CF does not natively interact with like Lambda/Cloudformation etc.


#6

https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.5/html/methods_available_for_automation/chap_methods_available_for_use_with_cloudforms_management_engine#cloud-providers-ems_cloud

key_pairs should give you what you need.


#7

Hi Xian,

Really appreciate your reply - but when I do the below

aws_providers = $evm.vmdb(‘ems_cloud’).all

I get the below error
DEPRECATION WARNING: ems_cloud is deprecated and will be removed from ManageIQ F-release (ManageIQ_Providers_CloudManager) (called from block in service_model_lookup at /var/www/miq/vmdb/lib/miq_automation_engine/engine/miq_ae_method_service/miq_ae_service_model_legacy.rb:92)

Is there a better way ? If its not too much hassle can you provide your way/snippet?


#8

That is strange, even the latest F-release (Fine) documentation has the same method, so apparently it was not removed… Unfortunately I have no code to share, just checked the docs for you.