Skip to content

Commit f9509b0

Browse files
christophetdchristophetd
authored
Merge pull request #7 from DataDog/ianferguson/link_to_talk
Link to companion talk in readme for more context
2 parents 2381f3f + 7e17de3 commit f9509b0

File tree

1 file changed

+11
-9
lines changed

1 file changed

+11
-9
lines changed

README.md

Lines changed: 11 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,11 @@
11
# Attaché
22

3-
[![made-with-Go](https://img.shields.io/badge/Made%20with-Go-1f425f.svg)](http://golang.org)
3+
[![made-with-Go](https://img.shields.io/badge/Made%20with-Go-1f425f.svg)](http://golang.org)
44

55
Attaché provides an emulation layer for cloud provider instance metadata APIs, allowing for seamless multi-cloud IAM using Hashicorp Vault.
66

7+
More information can be found in the companion talk, [Freeing Identity from Infrastructure](https://www.youtube.com/watch?v=xifpJbTepCs).
8+
79
<p align="center">
810
<a href="./attache.jpg"><img src="./attache.jpg" alt="Attaché" width="800" /></a>
911
</p>
@@ -105,7 +107,7 @@ gcloud iam service-accounts add-iam-policy-binding application-role@$project.iam
105107
Then we configure the Vault GCP credentials backend, so it can access our prerequisite
106108

107109
```bash
108-
gcloud
110+
gcloud
109111
vault secrets enable -path cloud-iam/gcp/gcp-sandbox gcp
110112
vault write cloud-iam/gcp/gcp-sandbox/config credentials=@gcp-creds.json
111113
vault write cloud-iam/gcp/gcp-sandbox/impersonated-account/application-role service_account_email="application-role@gcp-sandbox.iam.gserviceaccount.com" token_scopes="https://www.googleapis.com/auth/cloud-platform" ttl="4h"
@@ -130,7 +132,7 @@ server:
130132
provider: ""
131133
region: ""
132134
zone: ""
133-
135+
134136
# AWS configuration
135137
aws_vault_mount_path: cloud-iam/aws/012345678901
136138
iam_role: application-role
@@ -139,7 +141,7 @@ imds_v1_allowed: false
139141
# GCP configuration
140142
gcp_vault_mount_path: cloud-iam/gcp/gcp-sandbox
141143
gcp_project_ids:
142-
cloud-iam/gcp/gcp-sandbox: "712781682929"
144+
cloud-iam/gcp/gcp-sandbox: "712781682929"
143145

144146
# Azure configuration (unused here)
145147
azure_vault_mount_path: ""
@@ -199,13 +201,13 @@ from google.cloud import storage
199201

200202
def list_s3_buckets():
201203
s3 = boto3.client('s3')
202-
203-
response = s3.list_buckets()
204+
205+
response = s3.list_buckets()
204206
print(f"Found {len(response['Buckets'])} AWS S3 buckets!")
205207

206208
def list_gcs_buckets():
207209
client = storage.Client()
208-
210+
209211
buckets = client.list_buckets()
210212
print(f"Found {len(list(buckets))} GCS buckets!")
211213

@@ -274,7 +276,7 @@ region: ""
274276

275277
# If applicable, current cloud availability zone (e.g., us-east-1a) where attaché is running
276278
zone: ""
277-
279+
278280
##
279281
# AWS configuration
280282
##
@@ -297,7 +299,7 @@ gcp_vault_mount_path: cloud-iam/gcp/my-gcp-sandbox
297299

298300
# Mapping of Vault paths to Google Cloud project IDs
299301
gcp_project_ids:
300-
cloud-iam/gcp/datadog-sandbox: "012345678901"
302+
cloud-iam/gcp/datadog-sandbox: "012345678901"
301303

302304
##
303305
# Azure configuration

0 commit comments

Comments
 (0)