mesos2iam: IAM Credentials for Containers Running Inside a Mesos Cluster – Zain Malik, Schibsted Media Group
IAM instance profiles are used to limit access to AWS resources by an instance. In this presentation, Zain Malik will show you how to use IAM profile with Mesos tasks.
Right now the alternative is to use same IAM instance profile for all tasks in Mesos. Or saving AWS credentials inside the containers.
The problem comes when one container requires broader permissions or access to different resources than the original instance profile had. Without a proper isolation solution in place, all other tasks can access the resources, which is not a very desirable situation in some cases.
In this presentation, Zain will show how to have isolated IAM profiles for each task, without saving the credentials inside the container. To do that, he will use mesos2iam (github.com/schibsted/mesos2iam) to retrieve credentials in a transparent way for the tasks running in Mesos cluster.
About Zain Malik
Zain Malik is a software engineer with 5 years of experience in building backends heavily based on noSQL databases.
Now is working in Schibsted CRE team, helping to pave a smooth way to deploy containers inside mesos and kubernetes cluster.
Prior to Schibsted, Zain worked in Strands, in core backend team of recommendations engine and eDreams ODIGEO, responsible for tracking events backend