I’ve got a Node application which needs to auth to Vault, and I was hoping to use the AWS IAM mechanism as it would be a proof of concept for other services I’m running. Let’s see how that works out for us!

From my current understanding, we generate a request to be verified by Vault via AWS STS’s GetRole method. The best example I’ve found so far is a GitHub issue of someone who has done all the hard work. Let’s see how close I’ve gotten. Looks about right. It actually uses GetCallerIdentity, though. To be continued.
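
The signed `sts:GetCallerIdentity` request that Vault verifies can be built in Node with only the built-in `crypto` module. This is an added example, not code from this post or from the GitHub issue it mentions; the function name, role name, server ID and credentials are constructed placeholders, and the payload field names follow Vault's AWS auth login API.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const hmac = (key, s) => crypto.createHmac('sha256', key).update(s).digest();

// Build the body of a Vault AWS-auth login call: a SigV4-signed
// sts:GetCallerIdentity request that Vault forwards to STS to learn who signed it.
// buildVaultIamLogin is a hypothetical helper name, not a Vault or AWS SDK API.
function buildVaultIamLogin({ accessKeyId, secretAccessKey, sessionToken }, role, serverId, now = new Date()) {
  const host = 'sts.amazonaws.com', region = 'us-east-1'; // global STS endpoint
  const body = 'Action=GetCallerIdentity&Version=2011-06-15';
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20240102T030405Z
  const scope = `${amzDate.slice(0, 8)}/${region}/sts/aws4_request`;

  const headers = {
    'content-type': 'application/x-www-form-urlencoded; charset=utf-8',
    host,
    'x-amz-date': amzDate,
  };
  if (sessionToken) headers['x-amz-security-token'] = sessionToken; // temporary credentials
  // Signing the server ID binds the request to one Vault, so a captured
  // request cannot be replayed against a different Vault server.
  if (serverId) headers['x-vault-aws-iam-server-id'] = serverId;

  const names = Object.keys(headers).sort();
  const signedHeaders = names.join(';');
  const canonical = ['POST', '/', '', names.map((n) => `${n}:${headers[n]}\n`).join(''),
    signedHeaders, sha256(body)].join('\n');
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256(canonical)].join('\n');

  // SigV4 key derivation: date -> region -> service -> "aws4_request"
  const key = [amzDate.slice(0, 8), region, 'sts', 'aws4_request']
    .reduce((k, part) => hmac(k, part), `AWS4${secretAccessKey}`);
  const signature = hmac(key, stringToSign).toString('hex');
  headers.authorization = `AWS4-HMAC-SHA256 Credential=${accessKeyId}/${scope}, ` +
    `SignedHeaders=${signedHeaders}, Signature=${signature}`;

  const b64 = (s) => Buffer.from(s).toString('base64');
  // Header values are sent as lists, the shape Go's http.Header serializes to.
  const asLists = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k, [v]]));
  return {
    role,
    iam_http_request_method: 'POST',
    iam_request_url: b64(`https://${host}/`),
    iam_request_body: b64(body),
    iam_request_headers: b64(JSON.stringify(asLists)),
  };
}
```

The returned object is the JSON body for the login endpoint of the AWS auth mount (`auth/aws/login` by default). Vault only checks the server ID header when the mount is configured with `iam_server_id_header_value`.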