Role based EC2 access to S3

Open denyszhak opened this issue 3 years ago • 4 comments

Feature Request

The key parameter is required to access S3 using S3StorageDriver https://github.com/apache/libcloud/blob/7b3f55a3ac2ec8423555cd9bac3a42697ffc502c/libcloud/storage/drivers/s3.py#L1224. Even if it is provided, it fails further down in the code in the absence of a secret here: https://github.com/apache/libcloud/blob/trunk/libcloud/common/aws.py#L313

Can you suggest the usage of your client for role-based EC2 access to S3 or the possibility to add it? (where key and secret are now known well in advance but using STS for temporary access by tokens)

Thanks!

denyszhak avatar Nov 27 '22 21:11 denyszhak

@Kami Does it make sense to add support for retrieving keys from instance metadata as a part of the library for every provider where it makes sense? I could review and propose an MR. If you don't want to have it in the library then let me know

Thanks!

denyszhak avatar Nov 30 '22 14:11 denyszhak

@Kami Any chance you can provide your input here?

denyszhak avatar Feb 27 '23 21:02 denyszhak

@denyszhak you can try this code to use the credentials from an IAM instance profile on EC2:

```python
import boto3
from libcloud.storage.types import Provider
from libcloud.storage.providers import get_driver

session = boto3.Session()
credentials = session.get_credentials().get_frozen_credentials()
cls = get_driver(Provider.S3)
driver = cls(region="region", key=credentials.access_key, secret=credentials.secret_key, token=credentials.token)
```

If you have some long-running operations that use this libcloud driver, you might have to refresh the credentials, though.

jan-mue avatar Apr 19 '23 09:04 jan-mue
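An added example, not part of the thread and not libcloud's own code, of one way to handle the credential refresh mentioned in the comment above: ask boto3 for the current credentials before each operation and rebuild the libcloud driver only when they have rotated. `RefreshingDriver` and `s3_driver_from_instance_profile` are hypothetical names; it assumes the boto3 credentials object is kept and re-queried, since botocore renews instance-profile credentials when `get_frozen_credentials()` is called.

```python
from typing import Callable, NamedTuple, Optional


class Frozen(NamedTuple):
    """Snapshot of temporary credentials (same field order as botocore's)."""
    access_key: str
    secret_key: str
    token: Optional[str]


class RefreshingDriver:
    """Return a driver built from the current credentials; rebuild on rotation."""

    def __init__(self, fetch: Callable[[], tuple], build: Callable[[Frozen], object]):
        self._fetch = fetch      # returns (access_key, secret_key, token)
        self._build = build      # constructs a driver from a Frozen snapshot
        self._creds: Optional[Frozen] = None
        self._driver = None

    def get(self):
        creds = Frozen(*self._fetch())
        if self._driver is None or creds != self._creds:
            # Role credentials rotated (or first use): the old driver would
            # keep signing with an expired session token, so replace it.
            self._driver = self._build(creds)
            self._creds = creds
        return self._driver


def s3_driver_from_instance_profile(region: str) -> RefreshingDriver:
    """Wire the wrapper to boto3 and libcloud (imports kept local so the
    class above can be used and tested without either package installed)."""
    import boto3
    from libcloud.storage.providers import get_driver
    from libcloud.storage.types import Provider

    provider = boto3.Session().get_credentials()
    if provider is None:
        raise RuntimeError("boto3 found no credentials; is an instance profile attached?")
    cls = get_driver(Provider.S3)
    return RefreshingDriver(
        fetch=provider.get_frozen_credentials,
        build=lambda c: cls(key=c.access_key, secret=c.secret_key,
                            token=c.token, region=region),
    )
```

Call `.get()` at the start of each operation instead of holding on to the returned driver, so a long-running process never signs requests with an expired token.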

Is there a fix for this problem? I know we can use boto3 to get the credentials, but at that point, I might as well use boto3 all the way and remove libcloud, which is not what I want to do. Any suggestions?

adityapatawari-uh avatar Jun 22 '24 06:06 adityapatawari-uh