Role based EC2 access to S3 #1803

Open
denyszhak opened this issue Nov 27, 2022 · 4 comments

@denyszhak

Feature Request

The key parameter is required to access S3 using S3StorageDriver, even if provided it fails down in the code in the absence of secret here https://github.com/apache/libcloud/blob/trunk/libcloud/common/aws.py#L313

Can you suggest the usage of your client for role-based EC2 access to S3 or the possibility to add it? (where key and secret are now known well in advance but using STS for temporary access by tokens)

Thanks!

@denyszhak
Author

@Kami Does it make sense to add support for retrieving keys from instance metadata as a part of the library for every provider where it makes sense? I could review and propose an MR. If you don't want to have it in the library then let me know

Thanks!

@denyszhak
Author

@Kami Any chance you can provide your input here?

@jan-mue
Contributor

jan-mue commented Apr 19, 2023

@denyszhak you can try this code to use the credentials from an IAM instance profile on EC2:

```python
import boto3
from libcloud.storage.types import Provider
from libcloud.storage.providers import get_driver

session = boto3.Session()
credentials = session.get_credentials().get_frozen_credentials()
cls = get_driver(Provider.S3)
driver = cls(region="region", key=credentials.access_key, secret=credentials.secret_key, token=credentials.token)
```

If you have some long-running operations that use this libcloud driver, you might have to refresh the credentials, though.

@devopscloudnexus

Is there a fix for this problem? I know we can use boto3 to get the credentials, but at that point, I might as well use boto3 all the way and remove libcloud, which is not what I want to do. Any suggestions?
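An added example, not part of the thread and not libcloud's own code: one way to cover both points raised above (no boto3 dependency, and refreshing before expiry) is to read the instance profile's temporary credentials from the EC2 instance metadata service with IMDSv2 and rebuild the driver shortly before the `Expiration` time. `fetch_role_credentials` and `RefreshingS3Driver` are hypothetical names; it assumes the instance has an IAM instance profile attached and that the S3 driver accepts `token` as in the snippet above.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

IMDS = "http://169.254.169.254/latest"  # EC2 instance metadata service


def _imds(path, method="GET", headers=None):
    req = urllib.request.Request(IMDS + path, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def fetch_role_credentials(http=_imds):
    """Read the instance profile's temporary credentials via IMDSv2."""
    # IMDSv2: obtain a short-lived session token first, then send it on every read.
    token = http("/api/token", "PUT", {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    auth = {"X-aws-ec2-metadata-token": token}
    role = http("/meta-data/iam/security-credentials/", "GET", auth).split()[0]
    doc = json.loads(http("/meta-data/iam/security-credentials/" + role, "GET", auth))
    expires = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    return {"key": doc["AccessKeyId"], "secret": doc["SecretAccessKey"],
            "token": doc["Token"], "expires": expires.replace(tzinfo=timezone.utc)}


class RefreshingS3Driver:
    """Hypothetical wrapper: rebuilds the libcloud driver before the token expires."""

    def __init__(self, region, fetch=fetch_role_credentials, make_driver=None,
                 margin=timedelta(minutes=5), now=lambda: datetime.now(timezone.utc)):
        self.region, self.fetch, self.margin, self.now = region, fetch, margin, now
        self.make_driver = make_driver or self._libcloud_driver
        self._driver, self._expires = None, None

    @staticmethod
    def _libcloud_driver(region, key, secret, token):
        from libcloud.storage.providers import get_driver
        from libcloud.storage.types import Provider
        return get_driver(Provider.S3)(region=region, key=key, secret=secret, token=token)

    def get(self):
        # Re-fetch when no driver exists yet or the credentials are inside the margin.
        if self._driver is None or self.now() >= self._expires - self.margin:
            creds = self.fetch()
            self._expires = creds.pop("expires")
            self._driver = self.make_driver(self.region, **creds)
        return self._driver
```

Call `get()` at the start of each operation rather than caching the returned driver, so a long-running process never signs a request with expired credentials.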
