Suppose I have a localdebian environment on an ec2 instance. If I attach a role through an instance profile to the instance, then anything in the instance can auth with the aws api easily.
I’d like to configure halyard to deploy clouddriver in localdebian so that clouddriver will talk to aws through the instance profile. If front50 has to talk to s3, this would also be a good way for that to happen.
I tried passing an empty role:
hal config provider aws account add <redacted> --account-id <redacted> --assume-role ""
But I’m getting (in the cloudriver logs):
Factory method 'synchronizeAwsProvider' threw exception; nested exception is com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: Access denied (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; ...)