Am I the only person using the awesome GitHub - jcberquist/aws-cfml: Lucee/ColdFusion library for interacting with AWS API's ?
We’ve made a few improvements that seem like would be useful, so have opened upstream merge requests; the ability to work with newer IMDSv2 EC2 instances, and Single Sign On for local developers.
tell me more about your SSO enhancements, if you don’t mind.
Sure; our Lucee applications have to make AWS calls, either through the Java SDK or, more recently, aws-cfml.
This needs to work in our production environments, where EC2 role credentials work well, or locally.
With the Java SDK, you can aws soo --profile blash and then launch a Docker image with AWS_PROFILE=blash and the SDK will “just work” to make calls to AWS, as long as the .aws folder is mapped into the container
This means we can use 2FA access for all our developers, and there’s no long lived SDK credentials in our apps, or in developers’ local config; the AWS SDK behind the scenes converts the SSO session to temporary access/secret keys.
aws-cfml doesn’t (yet!) do this little dance so can’t be used locally with 2FA.
I have not, but I instantly recognized the name because for years I’ve been using jcberquist/stripe-cfml and even contributed some to that repo. Good stuff all around from John!