Replies: 2 comments 1 reply
-
|
hello. can you please explain more about your problem? This library currently puts the whole AWS SDK client creation on the library user. Once created you plug it in when creating the stream from SQS/KINESIS/SNS/etc |
Beta Was this translation helpful? Give feedback.
-
|
That's what I found. We use - and ask other hospitals to use - to use AWS accounts with very restricted policies. Part of the AWS API is setting up IAM policies. I've put together a command line tool that works with the rest of our system to set up these policies. Everything except the IAM part works via cats IO and fs2. I wrapped the parts of the AWS IAM API that I needed in IO as a stop-gap. It's not pretty, but works well enough. |
Beta Was this translation helpful? Give feedback.
-
|
So you created cli, where you initiate SQS sdk client. And try to read messages from it. And you experiencing some issues with IAM (access to this queue)? |
Beta Was this translation helpful? Give feedback.
-
Thanks for making fs2-aws. We've used it in SHRINE for some months and it's working really well for our SQS needs.
Is there support for setting AWS IAM policies? I've not been able to find it.
I know it's not the most interesting AWS feature by far. I need a way to lock down the SHRINE data sources (that belong to other institutions and their AWS accounts) so that they can very exactly only send and receive from queues created and managed by the SHRINE network admin. (SQS messages comes from big teaching hospitals that attract a lot of hostile hackers who are remarkably causal about interfering with patient care; we keep things battened down as tight as we can.)
The best alternative I've found is Amazon's own aws-java-sdk-iam , but this would be our first direct dependency on that library.
Beta Was this translation helpful? Give feedback.
All reactions