add doc urging use of IAM roles in production, ref gh-4

2013-10-17 06:19:06 -04:00 · 2013-10-17 06:19:06 -04:00 · a2fc3400bc
commit a2fc3400bc
parent 21ed5eb278
1 changed files with 15 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -54,6 +54,21 @@ to do anything:
 (def client (sqs/create-client "your aws id" "your aws secret-key"))
 ```

+<div style="border:5px solid gray">
+**Security Note** If your application using Bandalore is deployed to EC2, _you
+should not put your AWS credentials on those EC2 nodes_.  Rather,
+  [give your EC2 instances IAM roles](http://docs.aws.amazon.com/IAM/latest/UserGuide/role-usecase-ec2app.html),
+  and use the nullary arity of `create-client`:
+  
+```clojure
+(require '[cemerick.bandalore :as sqs])
+(def client (sqs/create-client))
+```
+
+This will use credentials assigned to your EC2 node based on its
+role that are automatically rotated.
+</div>
+
 You can create, delete, and list queues:

 ```clojure