Thanks for the quick response. The issue I’m hitting is that my company isn’t comfortable providing or using persistent API keys as these need to be associated with an audit-able account (using a profile role) and these keys need to be rolled on a regular basis.
It’s the AWS equivalent of using --profile for all functionality. The profile roles also include a session token making their access temporary. I’m trying to determine the best course of action working within these constraints and still getting cloudman running. It appears a lot of the core functionality invokes SDK calls directly using only a users account credentials:
tmp_conn = EC2Connection(self.aws_access_key,./cloudman/cloudman/cm/clouds/ec2.py: self.aws_access_key, self.aws_secret_key, region=region)
So I’m looking for an alternate route that allow for profile roles.