Skip to content
/ aws-mock-metadata Public

Mock ec2 instance metadata service that can run on a developer machine

License

View license
93 stars 29 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jtblin/aws-mock-metadata

BranchesTags

Repository files navigation

aws-mock-metadata

The ec2 instance metadata service runs on each ec2 instance and provide an api to retrieve information about the running instance as well as getting credentials based on the IAM role.

I needed to run this service locally (in docker) in order to be able to troubleshoot issues with kubernetes with the aws provider. I found an existing python based service but for some reasons I couldn't get it to work in docker with my temporary credentials. I also needed additional features like being able to return an instance id, availability zone, etc. so after a few hours of fighting I decided to create this one.

Docker quick start

docker run -it --rm -p 80:8080 -e AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) \
		-e AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY) jtblin/aws-mock-metadata \
		--availability-zone=<az> --instance-id=<id> --hostname=<name> --role-name=<role> --role-arn=<arn>
		--vpc-id=<vpc-id> --private-ip=<ip>

In your other docker image, install iptables and have a startup script that point 169.254.169.254 to the docker host before starting your program:

iptables -t nat -A OUTPUT -d 169.254.169.254 -j DNAT --to-destination ${HOST}

Or if you don't want to modify your docker image, on your docker host (e.g. the one created with docker-machine):

iptables -t nat -A PREROUTING -d 169.254.169.254 -j DNAT --to-destination ${HOST}

Development

Configuration

Set the following environment variables or create a .env file with the following information:

  • AWS_ACCESS_KEY_ID: aws access key
  • AWS_SECRET_ACCESS_KEY: aws secret access key

Command line arguments:

  • APP_PORT: port to run the container on (default 8080)
  • AVAILABILITY_ZONE: ec2 availability zone e.g. ap-southeast-2 (optional)
  • AWS_SESSION_TOKEN: aws session token (optional)
  • HOSTNAME: ec2 hostname (optional)
  • INSTANCE_ID: ec2 instance id (optional)
  • PRIVATE_IP: ec2 private ip address (optional)
  • ROLE_ARN: arn for the role to assume to generate temporary credentials (optional)
  • ROLE_NAME: ec2 role name assigned to the instance (optional)
  • VPC_ID: vpc id (optional)

Note: you will need to have sts:AssumeRole for the role that you want to use to generate temporary credentials. The role also needs to have a trust relationship with the account that you use to assume the role, see http://stackoverflow.com/questions/21956794/aws-assumerole-authorization-not-working/33850060#33850060.

Dependencies

Uses Go Modules, ensure you have Go 1.13.x or later installed.

Run

Run it. This will run the bare server on localhost.

make build run

Run it on 169.254.169.254 on Mac OSX or linux.

make build run-macos
make build run-linux

Run in docker

make docker run-docker

About

Mock ec2 instance metadata service that can run on a developer machine

Resources

Readme

License

View license
Activity

Stars

93 stars

Watchers

7 watching

Forks

29 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages