Hi everyone. I have a question with regard to pass...
# ask-community
f
Hi everyone. I have a question with regard to passing credentials. My local prefect agent pulls deployment information from an s3 bucket and does so using its local AWS credentials (i.e.
~/.aws/credentials
). One of my jobs starts a docker container which in turn runs some EC2 infrastructure which also requires credentials obviously. I have a few options now: 1. Give the prefect user EC2 permissions and pass
~/.aws/credentials
keys as an environment variables to my container in the flow 2. Use a different set of credentials entirely (i.e. another user) stored in an AwsCredentials Block and pass that to my container. I'm leaning towards the latter to keep the scopes as separate as possible. Is this the recommended approach though?
1
I've went with the second approach for now. IMO, the prefect user running the orchestration/agents should not be coupled to any specific flows like that.
s
Both options can accomplish the same thing. The benefit of using an AWScredentials block is that you don't need to have creds associated to a user as the block is associated to that specific workspace, so additional users in your workspace can have access and use it easily for any new flows as it lives in that specific workspace
f
Yes, exactly. I'll be reusing the credentials in other flows which init some EC2 infrastructure as well, so I think it would be better to have the used credentials be explicit. Thanks.
💯 1