
Commit c915f0f

committed
feat: add aws-signing-helper image
1 parent d4bbef9 commit c915f0f


3 files changed

+95
-0
lines changed


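--- a/apps/aws-signing-helper/Dockerfile
+++ b/apps/aws-signing-helper/Dockerfile
@@ -0,0 +1,27 @@
+FROM alpine:3.22.1
+
+ARG TARGETARCH
+ARG ARCH=${TARGETARCH/arm64/Aarch64}
+ARG ARCH=${ARCH/amd64/X86_64}
+ARG VERSION
+
+USER root
+WORKDIR /app
+
+RUN \
+apk add --no-cache \
+bash \
+curl \
+libc6-compat \
+libgcc \
+&& mkdir -p /app/bin \
+&& curl -fsSL -o /tmp/aws-signing-helper "https://rolesanywhere.amazonaws.com/releases/${VERSION}/${ARCH}/Linux/aws_signing_helper" \
+&& mv -t /app/bin /tmp/aws-signing-helper \
+&& chown -R root:root /app && chmod -R 755 /app \
+&& rm -rf /tmp/*
+
+USER nobody:nogroup
+WORKDIR /config
+VOLUME ["/config"]
+
+ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"]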
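Review bot: The `curl -fsSL -o /tmp/aws-signing-helper …` step in the `RUN` installs the downloaded binary with no integrity check, so whatever the release URL serves at build time becomes the process that reads the private key and obtains role credentials. Pin a per-architecture digest next to `VERSION` and verify it before the `mv`, for example `&& echo "${HELPER_SHA256}  /tmp/aws-signing-helper" | sha256sum -c - \`, where `HELPER_SHA256` is a placeholder name for a new build arg carrying the published checksum. Separately, the file is stored as `/app/bin/aws-signing-helper` while the entrypoint script in this commit execs `/app/bin/aws_signing_helper`. Nothing in these 27 lines installs `/usr/bin/catatonit` or copies `/entrypoint.sh`, so the `ENTRYPOINT` looks unable to start as written.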
Lines changed: 42 additions & 0 deletions
@@ -0,0 +1,42 @@
1+
target "docker-metadata-action" {}
2+
3+
variable "APP" {
4+
default = "aws-signing-helper"
5+
}
6+
7+
variable "VERSION" {
8+
// renovate: datasource=github-releases depName=aws/rolesanywhere-credential-helper
9+
default = "1.7.0"
10+
}
11+
12+
variable "SOURCE" {
13+
default = "https://github.com/aws/rolesanywhere-credential-helper"
14+
}
15+
16+
group "default" {
17+
targets = ["image-local"]
18+
}
19+
20+
target "image" {
21+
inherits = ["docker-metadata-action"]
22+
args = {
23+
VERSION = "${VERSION}"
24+
}
25+
labels = {
26+
"org.opencontainers.image.source" = "${SOURCE}"
27+
}
28+
}
29+
30+
target "image-local" {
31+
inherits = ["image"]
32+
output = ["type=docker"]
33+
tags = ["${APP}:${VERSION}"]
34+
}
35+
36+
target "image-all" {
37+
inherits = ["image"]
38+
platforms = [
39+
"linux/amd64",
40+
"linux/arm64"
41+
]
42+
}
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
#!/usr/bin/env bash
2+
3+
if [[ -z "$TRUST_ANCHOR_ARN" ]]; then
4+
echo "❌ Must provide TRUST_ANCHOR_ARN environment variable." 1>&2
5+
exit 1
6+
fi
7+
8+
if [[ -z "$PROFILE_ARN" ]]; then
9+
echo "❌ Must provide PROFILE_ARN environment variable." 1>&2
10+
exit 1
11+
fi
12+
13+
if [[ -z "$ROLE_ARN" ]]; then
14+
echo "❌ Must provide ROLE_ARN environment variable." 1>&2
15+
exit 1
16+
fi
17+
18+
echo "🚀 Starting IMDSv2 endpoint with aws_signing_helper ..."
19+
20+
exec \
21+
/app/bin/aws_signing_helper serve \
22+
--certificate /iamra/tls.crt \
23+
--private-key /iamra/tls.key \
24+
--trust-anchor-arn $TRUST_ANCHOR_ARN \
25+
--profile-arn $PROFILE_ARN \
26+
--role-arn $ROLE_ARN
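Review bot: The three ARN variables are expanded unquoted in the final `exec`, so a value containing whitespace or glob characters is split or expanded into extra arguments for `aws_signing_helper serve`. Write them as `--trust-anchor-arn "$TRUST_ANCHOR_ARN"`, `--profile-arn "$PROFILE_ARN"` and `--role-arn "$ROLE_ARN"`. The script validates the environment but not the mounted credentials; a guard such as `[[ -r /iamra/tls.key && -r /iamra/tls.crt ]] || { echo "Must mount /iamra/tls.crt and /iamra/tls.key" 1>&2; exit 1; }` before the `exec` would fail early with a clear message when the files are missing or unreadable by the `nobody` user the image runs as. A short header comment stating that both files must be mounted read-only would document that contract.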
