feat: Add AWS instance identity authentication (#570)

* feat: Add AWS instance identity authentication This allows zero-trust authentication for all AWS instances. Prior to this, AWS instances could be used by passing `CODER_TOKEN` as an environment variable to the startup script. AWS explicitly states that secrets should not be passed in startup scripts because it's user-readable. * Fix sha256 verbosity * Fix HTTP client being exposed on auth
2025-07-03 16:13:58 +00:00 · 2022-03-28 13:31:03 -06:00
parent 01957da040
commit a502a5fa14
13 changed files with 583 additions and 37 deletions
--- a/coderd/coderdtest/coderdtest_test.go
+++ b/coderd/coderdtest/coderdtest_test.go
@ -24,5 +24,6 @@ func TestNew(t *testing.T) {
 	coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
 	coderdtest.AwaitWorkspaceAgents(t, client, workspace.LatestBuild.ID)
 	_, _ = coderdtest.NewGoogleInstanceIdentity(t, "example", false)
+	_, _ = coderdtest.NewAWSInstanceIdentity(t, "an-instance")
 	closer.Close()
 }