helm-s3 icon indicating copy to clipboard operation
helm-s3 copied to clipboard

Published 20 hours ago verified publisher icon hypnoglow

Question: should this work with assumed IAM roles?

Open andrei-dascalu opened this issue 3 years ago • 1 comments

Situation: deployed helm in a container in Kubernetes on EKS, using a ServiceAccount setup to assume an IAM role with access to an S3 bucket.

In practice, this results in the following env vars available (in addition to a volume that provides endpoint access to AWS APIs):

AWS_DEFAULT_REGION=eu-west-1
AWS_REGION=eu-west-1
AWS_ROLE_ARN=<my role ARN>
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
AWS_STS_REGIONAL_ENDPOINTS=regional

using the AWS CLI works fine in the same circumstances, I have access to the S3 bucket. However, trying to init a repo with helm s3 init using the same bucket in the same container results in:

upload index to s3: upload index to S3 bucket: AccessDenied: Access Denied

I am not quite sure how to investigate further.

andrei-dascalu avatar Jul 29 '22 06:07 andrei-dascalu

The plugin should support this. What version do you use?

Also you may find an answer here https://github.com/hypnoglow/helm-s3/issues/20 https://github.com/hypnoglow/helm-s3/issues/109

hypnoglow avatar Aug 07 '22 14:08 hypnoglow