Official support for the ec2 auth method to generate a Vault Token
ISSUE TYPE
Feature Idea
COMPONENT NAME
community.hashi_vault.vault_login
ADDITIONAL INFORMATION
From what I can understand from the documentation for this module, it does not support using native EC2 IMDS signature to login. Please correct me if I have misunderstood this.
This auth method is useful for running on EC2 servers and would ensure the vault_login covers it. For now the workaround is doing manual Ansible uri calls for the Signature and either using the direct Vault Endpoint or Vault Agent / CLI to get a valid vault token.
Hi @mechastorm, you are correct that we don't currently support this auth method in the collection. We do support AWS IAM authentication, and IAM auth in Vault can be set to use EC2 inferencing (with some caveats, see the same documentation page you linked). HashiCorp also recommends using IAM auth rather than EC2 auth in most cases, so that might be something to consider.
That being said, it's a perfectly valid feature request.
I don't have any plans to implement it myself, but would welcome a PR to add the functionality.
If you're interested in adding this yourself we have a Contributor guide that can help you get started. Don't hesitate to ask any additional questions as needed.