Authentication
myna relies on the standard AWS SDK credential chain. This means it supports the same authentication methods as the AWS CLI.
Core Principles
Section titled “Core Principles”- No Credentials in Files:
mynadoes not store access keys or secrets in its TOML files. It only references profile names (profile = "dev") or role ARNs. - Standard Configuration: It uses the standard
~/.aws/credentialsand~/.aws/configfiles. - Flexibility: Different actions can run as different users/roles.
Supported Methods
Section titled “Supported Methods”myna supports all authentication methods provided by the standard AWS credential chain, including:
- Environment Variables:
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY, etc. - Shared Configuration Files: Profiles setup via
aws configureoraws configure sso. - IAM Roles: For EC2/ECS/Lambda instance profiles.
Configuring Authentication
Section titled “Configuring Authentication”You can configure authentication at the Action level.
Using a Named Profile
Section titled “Using a Named Profile”To specify which AWS profile to use, set the profile field in your action’s metadata:
version = "1.0"kind = "lambda.invoke"description = "Invoke Lambda using prod profile"profile = "prod-user"
[lambda]function_name = "my-function"Assuming a Role
Section titled “Assuming a Role”You can also assume a specific IAM role for an action using role_arn. This happens after the initial credentials (from default or named profile) are loaded.
version = "1.0"kind = "lambda.invoke"description = "Invoke using assumed role"profile = "ci-user"role_arn = "arn:aws:iam::123456789012:role/DeployRole"
[lambda]function_name = "deploy-function"SSO Support
Section titled “SSO Support”myna works seamlessly with AWS SSO (Identity Center).
- Login via the AWS CLI:
aws sso login --profile my-sso-profile - Reference the profile in your action:
profile = "my-sso-profile"
If your session has expired, myna will prompt you to login again.