[Advanced Amazon S3] Use IAM Instance Roles instead of AccessKeys !! Please
Forge component by Ricardo Pereira

Hi,

Our team has recently installed this S3 access plugin. While the plugin works and allows S3 access, it does require an AccessKey to be managed. AccessKeys can leak and they also age.


Can you guys leverage the IAM Instance Role when running from an EC2 Instance?

Normally, in the API, if the key is not there it should revert to the default IAM role. You can simply allow no keys, and if there are no keys you might use the default connection to the API.

I propose to change the code in AdvancedAmazonS3.cs to replace the current blocks in every function with a global function that initializes the AmazonS3 client.


Code as follows:

        // Requires: using System.Net; using Amazon; using Amazon.S3;
        // (assumed to be present already in AdvancedAmazonS3.cs)

        /// <summary>
        ///  use this line in your code:            AmazonS3 client = getAmazonS3Client(sstoken, ssuseProxy, ssproxyDetails);
        /// </summary>
        /// <param name="sstoken">Amazon token; when no token is set, the SDK's default credentials are used</param>
        /// <param name="ssuseProxy">true to route requests through the proxy</param>
        /// <param name="ssproxyDetails">proxy server, port and credentials</param>
        /// <returns>an initialized AmazonS3 client</returns>
        private AmazonS3 getAmazonS3Client(RCAmazonTokenRecord sstoken, bool ssuseProxy, RCProxyDetailsRecord ssproxyDetails)
        {
            AmazonS3 client;

            if (ssuseProxy && IsValidProxyDetails(ssproxyDetails))
            {
                AmazonS3Config config = new AmazonS3Config();
                config.ProxyHost = ssproxyDetails.ssSTProxyDetails.ssServer;
                config.ProxyPort = ssproxyDetails.ssSTProxyDetails.ssPort;
                config.ProxyCredentials = new NetworkCredential(ssproxyDetails.ssSTProxyDetails.ssUsername, ssproxyDetails.ssSTProxyDetails.ssPassword);

                // No token: let the SDK resolve credentials itself (the IAM instance role on EC2).
                // The original check was inverted (!= null) and dereferenced the token when it was null.
                if (sstoken.ssSTAmazonToken == null)
                    client = AWSClientFactory.CreateAmazonS3Client(config);
                else
                    client = AWSClientFactory.CreateAmazonS3Client(sstoken.ssSTAmazonToken.ssAccessKey, sstoken.ssSTAmazonToken.ssSecretKey, config);
            }
            else
            {
                // Same credential selection, without a proxy configuration.
                if (sstoken.ssSTAmazonToken == null)
                    client = AWSClientFactory.CreateAmazonS3Client();
                else
                    client = AWSClientFactory.CreateAmazonS3Client(sstoken.ssSTAmazonToken.ssAccessKey, sstoken.ssSTAmazonToken.ssSecretKey);
            }

            return client;
        }



Then replace the block of code in each function with a single line:

        AmazonS3 client = getAmazonS3Client(sstoken, ssuseProxy, ssproxyDetails);


Also make the token not mandatory. This should allow using IAM Instance Roles instead of an AccessToken when running on an EC2 instance.


Did those code changes solve your issue with using IAM, Andre?
