support for AWS Instance Profiles

[peterb154]

When a DCS server is hosted in AWS, it is possible to attach an IAM Instance Profile (a IAM role) to the EC2 instance, That role can be granted permissions to do things in AWS. This allows AWS SDK calls to be made without specifying credentials in code/configs.

What happens behind the scenes is that the AWS SDK client uses the the EC2 Instance Metadata Service to pull in temporary creds for the session. In that case, you don't need to put IAM Access keys into the AWS SDK client. See https://docs.aws.amazon.com/sdk-for-rust/latest/dg/credentials.html

In the DCS-gRPC aws.rs code, it looks like we ALWAYS expect AWS credentials to be present.
https://github.com/DCS-gRPC/rust-server/blob/e91b9064f91277abd875b90f0562cd300647c6c1/tts/src/aws.rs#L7C12-L15

This is unnecessary in cases where the DCS server is hosted in AWS and actually less secure.

This issue is a request to allow the AWS tts service to use credentials discovered by sdk client.

[peterb154]

Adding to this, the tts.provider.aws.secret value can easily contain an escape sequence like \n. Might want to warn users about this in the readme.

Also would be helpful to let them know that they can use the "AmazonPollyReadOnlyAccess" managed policy to synthesize speech.

[rurounijones]

I think, realistically, that this feature request is niche enough (servers running on AWS) that support for this would need to be contributed by someone as rkusa, our Rust expert, has limited time to work on things.

[peterb154]

You are probably right, while I know AWS quite well, I personally don't have Rust experience. It would take more time that I have right this moment to learn enough to implement the changes. Maybe we can leave the issue open as a low priority feature request for someone (maybe me someday) who wants to contribute? Thanks.

…

On Wed, Jan 31, 2024 at 3:30 PM Jeffrey Jones ***@***.***> wrote: I think, realistically, that this feature request is niche enough (servers running on AWS) that support for this would need to be contributed by someone. — Reply to this email directly, view it on GitHub <#245 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAHRWICC34EQRTINW5ZTNPDYRKZXLAVCNFSM6AAAAAA7HMBXRGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMRQGAYDENBZHE> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[rurounijones]

Maybe we can leave the issue open as a low priority feature request for someone (maybe me someday) who wants to contribute?

Yeah, that is fine, I am not fussed about having "old" tickets open.