grafana-backup-tool icon indicating copy to clipboard operation
grafana-backup-tool copied to clipboard

Published 20 hours ago verified publisher icon ysde

Role Based access for S3

Open sahil-sawhney opened this issue 5 years ago • 4 comments

Could the aws section in the example conf https://github.com/ysde/grafana-backup-tool/blob/master/examples/grafana-backup.example.json be set up to use AWS role-based access instead of access_key_id and secret_access_key

sahil-sawhney avatar Oct 14 '20 19:10 sahil-sawhney

This is a must in my opinion. In most common cases, someone should not use IAM credentials, but role-based access should just work.

EDIT: Although, I tried without specifying IAM credentials and it worked, it seems to be picking up the credentials from local enviornment. Same goes for AWS, EC2 Role is used to connect to s3 bucket.

My relevant settings section for this to work:

"aws": {
    "s3_bucket_name": "bucket-name",
    "s3_bucket_key": "grafana-backup",
    "default_region": "us-east-1"
}

babinos87 avatar Apr 13 '23 14:04 babinos87

The way it is configured is to follow the default credential providers chain in s3_common.py as long as the access and secret key are not set.

declan-fitzpatrick avatar Feb 21 '24 17:02 declan-fitzpatrick

Does any have an example of using the role based access?

kaykhan avatar Mar 11 '24 10:03 kaykhan

The way it is configured is to follow the default credential providers chain in s3_common.py as long as the access and secret key are not set.

I maybe wrong but i think you still need to set boto3's assume_role which could be done when the env AWS_ROLE_ARN/ROLE_ARN is present. https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts/client/assume_role.html ?

kaykhan avatar Mar 11 '24 12:03 kaykhan