hub / github.com/coder/coder / postWorkspaceAuthAWSInstanceIdentity

Method postWorkspaceAuthAWSInstanceIdentity

coderd/workspaceresourceauth.go:70–85

AWS supports instance identity verification:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
Using this, we can exchange a signed instance payload for an agent token.

@Summary Authenticate agent on AWS instance
@ID authenticate-agent-on-aws-instance
@Security Co

(rw http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

    // @Success 200 {object} agentsdk.AuthenticateResponse
    // @Router /api/v2/workspaceagents/aws-instance-identity [post]
    func (api *API) postWorkspaceAuthAWSInstanceIdentity(rw http.ResponseWriter, r *http.Request) {
        ctx := r.Context()
        var req agentsdk.AWSInstanceIdentityToken
        if !httpapi.Read(ctx, rw, r, &req) {
            return
        }
        identity, err := awsidentity.Validate(req.Signature, req.Document, api.AWSCertificates)
        if err != nil {
            httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
                Message: "Invalid AWS identity.",
                Detail:  err.Error(),
            })
            return
        }
        api.handleAuthInstanceID(rw, r, identity.InstanceID, req.AgentName)
    }

    // Google Compute Engine supports instance identity verification:
    // https://cloud.google.com/compute/docs/instances/verifying-instance-identity

Callers

nothing calls this directly

Calls 6

handleAuthInstanceID · Method · 0.95
Read · Function · 0.92
Validate · Function · 0.92
Write · Function · 0.92
Context · Method · 0.65
Error · Method · 0.45

Tested by

no test coverage detected