soabase/exhibitor

S3 Assume Role

rofc opened this issue · 1 comments

rofc commented

Is there any option to use an assume role with exhibitor 1.7.1? I'm using:

$ java -jar exhibitor-1.7.1.jar -c s3 --s3config bucket:key --s3credentials aws.properties

and the aws.properties looks like:

com.netflix.exhibitor.s3.access-key-id=####################
com.netflix.exhibitor.s3.access-secret-key=$$$$$$$$$$$$$$$$$$$$

Is it possible to add something like:

com.netflix.exhibitor.s3.assume-role=arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME

Thank you all in advance.
@rofc

rofc commented

I was able to assume an IAM Role using STS (with AWS_ACCESS_KEY_ID, AWS_SECRET_KEY and AWS_SESSION_TOKEN environment variables).

As described in the AWS Java SDK docs:

AWSCredentialsProvider implementation that provides credentials by looking at the: AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY) environment variables. If the AWS_SESSION_TOKEN environment variable is also set then temporary credentials will be used.

Since STS provides temporary, limited-privilege credentials, there is a need to use your own ACCESS_KEY, SECRET_KEY and ROLE_ARN values for a native assume-role solution.
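The environment-variable approach from the comment above, sketched as a launcher script. This is an added example, not part of the original thread or of Exhibitor. The session name, the sample values in the usage comments, and starting Exhibitor without --s3credentials so the SDK reads the environment are assumptions.

```shell
#!/bin/sh
# Added example: put STS temporary credentials into the environment variables
# the AWS Java SDK reads, then start Exhibitor with no key file on disk.
# The session name "exhibitor" and the launch line are assumptions.

# Parse one line of "AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken" and
# export it. Nothing is exported unless exactly three non-empty fields arrive,
# so a failed or truncated STS call cannot leave a half-set credential trio.
load_sts_credentials() {
    sts_tab=$(printf '\t')
    IFS="$sts_tab" read -r sts_key sts_secret sts_token sts_extra <<EOF
$1
EOF
    if [ -z "$sts_key" ] || [ -z "$sts_secret" ] || [ -z "$sts_token" ] \
        || [ -n "$sts_extra" ]; then
        echo "unexpected assume-role output (want 3 tab-separated fields)" >&2
        return 1
    fi
    export AWS_ACCESS_KEY_ID="$sts_key"
    export AWS_SECRET_KEY="$sts_secret"
    export AWS_SESSION_TOKEN="$sts_token"
    unset sts_key sts_secret sts_token sts_extra sts_tab
}

# Usage: sh this-script.sh arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME
# The aws CLI call itself is signed with the caller's own base credentials.
if [ -n "${1:-}" ]; then
    sts_line=$(aws sts assume-role \
        --role-arn "$1" \
        --role-session-name exhibitor \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text) || exit 1
    load_sts_credentials "$sts_line" || exit 1
    unset sts_line
    # exec replaces the shell so the secrets live only in the java process env.
    exec java -jar exhibitor-1.7.1.jar -c s3 --s3config bucket:key
fi
```

The assume-role session expires (one hour by default) and the exported variables are fixed for the life of the java process, so a long-running Exhibitor started this way has to be restarted with fresh credentials before then.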