feat: Support caching provisioner assets (#574)

* feat: Add AWS instance identity authentication

This allows zero-trust authentication for all AWS instances.

Prior to this, AWS instances could be used by passing `CODER_TOKEN`
as an environment variable to the startup script. AWS explicitly
states that secrets should not be passed in startup scripts because
it's user-readable.

* feat: Support caching provisioner assets

This caches the Terraform binary, and Terraform plugins.
Eventually, it could cache other temporary files.

* chore: fix linter

Co-authored-by: Garrett <garrett@coder.com>
This commit is contained in:
Kyle Carberry
2022-03-28 13:57:19 -06:00
committed by GitHub
parent 9485fd62da
commit 13cef7d07c
4 changed files with 23 additions and 5 deletions

@ -16,6 +16,7 @@ PrivateTmp=yes
PrivateDevices=yes
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK
CacheDirectory=coder
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
ExecStart=/usr/bin/coder start
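Review bot: the added `CacheDirectory=coder` line has no companion `CacheDirectoryMode=`, so systemd creates /var/cache/coder with its default mode of 0755 and every local user can read it. Because the commit message says this directory holds the Terraform binary and plugins that the service later executes, consider adding `CacheDirectoryMode=0750` beneath it, and confirm the code takes the location from the `$CACHE_DIRECTORY` variable that systemd exports instead of hard-coding the path. A one-line comment in the unit saying what is cached there would also help operators who need to clear it.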