caddy-s3browser icon indicating copy to clipboard operation
caddy-s3browser copied to clipboard
verified publisher icon techknowlogick

Can I use an instance profile instead of a secret key?

Open munntjlx opened this issue 5 years ago • 4 comments

I want to use, but was wondering what the ability is to use an instance profile to read s3 bucket instead of uid/key combo?

munntjlx avatar Sep 22 '20 18:09 munntjlx

it looks like I could if I use the following environment variable: AWS_PROFILE=test-account myapp might want to include this as an option in the dockerfile?

munntjlx avatar Sep 22 '20 23:09 munntjlx

Looks like it won't work. Would be nice PR to use an instance profile no secretz then.

munntjlx avatar Sep 22 '20 23:09 munntjlx

@munntjlx thanks for opening up this issue. I sadly don't have access to an AWS account to develop this, and so I've tagged this as help-wanted to let others know I'd accept a PR :)

techknowlogick avatar Sep 22 '20 23:09 techknowlogick

I would be happy to have a 'live' session via ms teams or other. I can't program, but I am a very good sysadmin. I keep running into you in my various travels for cool programs. I did look into the go aws SDK and it looks like it supports iam profiles: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html

If you have an application named myapp that uses the SDK, you can run it with the test credentials by setting the variable to test-account myapp, as shown in the following command.

$ AWS_PROFILE=test-account myapp You can also use the SDK to select a profile by specifying os.Setenv("AWS_PROFILE", test-account) before constructing any service clients or by manually setting the credential provider, as shown in the following example.

sess, err := session.NewSession(&aws.Config{ Region: aws.String("us-west-2"), Credentials: credentials.NewSharedCredentials("", "test-account"), })

From: techknowlogick [email protected] Sent: Tuesday, September 22, 2020 19:36 To: techknowlogick/caddy-s3browser Cc: Munn, Thomas (RET-RDU); Mention Subject: Re: [techknowlogick/caddy-s3browser] Can I use an instance profile instead of a secret key? (#82)

*** External email: use caution ***

@munntjlxhttps://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmunntjlx&data=02%7C01%7Cthomas.munn%40lexisnexis.com%7C3028b137d4174e3ecd9f08d85f50661b%7C9274ee3f94254109a27f9fb15c10675d%7C0%7C0%7C637364146204942033&sdata=T%2BUpop79PN3IbawUkm4CX2ch9YzF1R85tYw4nvAR98Y%3D&reserved=0 thanks for opening up this issue. I sadly don't have access to an AWS account to develop this, and so I've tagged this as help-wanted to let others know I'd accept a PR :)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftechknowlogick%2Fcaddy-s3browser%2Fissues%2F82%23issuecomment-697037206&data=02%7C01%7Cthomas.munn%40lexisnexis.com%7C3028b137d4174e3ecd9f08d85f50661b%7C9274ee3f94254109a27f9fb15c10675d%7C0%7C0%7C637364146204942033&sdata=ikM2410u%2FcSP1lvesfEPjlPIkTWS1cicLBOxFxoV%2FxE%3D&reserved=0, or unsubscribehttps://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FALVIUBY7NKXGW64DVCRPNDDSHEYJTANCNFSM4RWDFKTQ&data=02%7C01%7Cthomas.munn%40lexisnexis.com%7C3028b137d4174e3ecd9f08d85f50661b%7C9274ee3f94254109a27f9fb15c10675d%7C0%7C0%7C637364146204952028&sdata=VsSoDJQPeWES%2B1htI%2Fmo0CSc0LDkmAVRtj3ofpb0Dz4%3D&reserved=0.

munntjlx avatar Sep 23 '20 00:09 munntjlx