ysde/grafana-backup-tool

Role Based access for S3

sahil-sawhney opened this issue · 4 comments

Could the aws section in the example conf https://github.com/ysde/grafana-backup-tool/blob/master/examples/grafana-backup.example.json be set up to use AWS role-based access instead of access_key_id and secret_access_key?

This is a must in my opinion. In most common cases, someone should not use IAM credentials, but role-based access should just work.

EDIT: Although, I tried without specifying IAM credentials and it worked; it seems to be picking up the credentials from the local environment. Same goes for AWS: the EC2 role is used to connect to the S3 bucket.

My relevant settings section for this to work:

"aws": {
    "s3_bucket_name": "bucket-name",
    "s3_bucket_key": "grafana-backup",
    "default_region": "us-east-1"
}

The way it is configured is to follow the default credential providers chain in s3_common.py as long as the access and secret key are not set.

Does anyone have an example of using the role-based access?

The way it is configured is to follow the default credential providers chain in s3_common.py as long as the access and secret key are not set.

I may be wrong, but I think you still need to set boto3's assume_role, which could be done when the env AWS_ROLE_ARN/ROLE_ARN is present. https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts/client/assume_role.html?
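Added example, not part of the thread and not the project's own code: a simplified model of boto3's documented credential lookup order, showing which source is expected to win when the `aws` section omits `access_key_id` and `secret_access_key`. The function name, the `shared_file_present` parameter and the assumption that keys in the settings file are passed to boto3 explicitly are hypothetical; the sample settings are constructed.

```python
import json

# Constructed sample settings, shaped like the "aws" section quoted in this thread.
SAMPLE_SETTINGS = json.loads("""
{"aws": {"s3_bucket_name": "bucket-name",
         "s3_bucket_key": "grafana-backup",
         "default_region": "us-east-1"}}
""")


def credential_source(settings, env, shared_file_present=False):
    """Return the credential source expected to win (simplified subset of the chain)."""
    aws = settings.get("aws", {})
    key_id = aws.get("access_key_id")
    secret = aws.get("secret_access_key")
    # A half-filled pair is treated as an error in this example, so a stray
    # key never silently changes which identity is used.
    if bool(key_id) != bool(secret):
        raise ValueError("access_key_id and secret_access_key must be set together")
    # Assumption: keys present in the settings file are handed to boto3
    # explicitly, which overrides everything in the default chain.
    if key_id and secret:
        return "static keys from settings file"
    # From here on: boto3's default chain, in its documented order.
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "static keys from environment"
    if env.get("AWS_ROLE_ARN") and env.get("AWS_WEB_IDENTITY_TOKEN_FILE"):
        return "web identity role"
    if shared_file_present:  # ~/.aws/credentials or ~/.aws/config
        return "shared credentials/config file"
    if (env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
            or env.get("AWS_CONTAINER_CREDENTIALS_FULL_URI")):
        return "container role"
    return "instance metadata (EC2 instance role), if available"


if __name__ == "__main__":
    # On a clean EC2 host with no keys configured, the instance role is used.
    print(credential_source(SAMPLE_SETTINGS, env={}))
    # Leftover keys in the shell environment take precedence over any role.
    leftover = {"AWS_ACCESS_KEY_ID": "EXAMPLE", "AWS_SECRET_ACCESS_KEY": "EXAMPLE"}
    print(credential_source(SAMPLE_SETTINGS, env=leftover))
```

Running the same check with the real process environment (`os.environ`) on the backup host shows whether leftover static keys would shadow the intended role.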