Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for S3 IAM Role #159

Open
el-hoshino opened this issue Jan 7, 2019 · 4 comments
Open

Add support for S3 IAM Role #159

el-hoshino opened this issue Jan 7, 2019 · 4 comments

Comments

@el-hoshino
Copy link

el-hoshino commented Jan 7, 2019

Enhancement Suggestion

Add an option to use IAM Role instead of Access Key and Secret Key to access Amazon S3 bucket.

Why would the enhancement be useful to most users

If the Access Key or Secret Key become exposed to the public or just someone you don't want him to know about it, you'll need to revoke them and generate a new access key and secret key, which may affect other service you're already using. If IAM Role can be used, unintended exposure won't affect other running service, which I think should be more secure. So it's very appreciated if Rome can support IAM Role.

Rome version:

v0.18.0.51 - Titus Aebutius Elva

OS and version:

macOS 10.14.2 Mojave

@tmspzz
Copy link
Owner

tmspzz commented Jan 7, 2019

@el-hoshino thanks for the suggestion, I think it's a good idea.

However this is very low on the list of enhancements on my list. If you want to give it a shot, please let me know.

@tmspzz
Copy link
Owner

tmspzz commented Feb 11, 2019

@el-hoshino I'm looking into this but I don't understand how this would work.

You still need an access_key and a secret_key.

Maybe you can explain to be how you see this working or point me to some documentation?

@tmspzz
Copy link
Owner

tmspzz commented Feb 11, 2019

Credentials discovery on EC2 via IAM should be already supported without me doing anything:

https://github.com/brendanhay/amazonka/blob/248f7b2a7248222cc21cef6194cd1872ba99ac5d/amazonka/src/Network/AWS/Auth.hs#L225

What I don't understand is... how are you running Rome on EC2?

@el-hoshino
Copy link
Author

@blender Thanks for the investigation! I need to talk with our system department about this issue; I'm not sure how they're using S3, last time I asked them they just said for security reasons they're not very happy to give us the Access Key and Secret Key, instead they can give us IAM Role 🤔

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants