ctrox / csi-s3

A Container Storage Interface for S3
Apache License 2.0
806 stars 176 forks

Using IAM role to connect as S3 mount and not via access key and secret key? #66

Open sonulaugh opened 2 years ago

sonulaugh commented 2 years ago

I am looking to use this as a means to use the IAM role to connect as S3 mount and not via access key and secret key. Is this supported?

ashujain2 commented 2 years ago

I am also running into the same issue, @sonulaugh. Were you able to figure it out?

@ctrox

monofone commented 2 years ago

Hi @sonulaugh / @ashujain2, after a look into the code, it does not seem to be able to make IAM via ServiceAccount work. The respective line in the connection for S3, https://github.com/ctrox/csi-s3/blob/master/pkg/s3/client.go#L58, states only the usage of AccessKey and SecretKey. Also, the usage of the minio client package lets me assume that there is no support for the authentication methods supported by the AWS-SDK.

Sadly, it does not look that easy to implement.

artificial-aidan commented 1 year ago

So I got this working eventually. The hardest part was actually s3fs. I need to polish it a bit, but if anyone else needs to try it out I used these 3 branches.

https://github.com/artificialinc/csi-s3/tree/aidan/irsa

https://github.com/artificialinc/docker-build-s3fs/tree/aidan/artificial-build

https://github.com/artificialinc/s3fs-fuse/tree/aidan/ext-creds

You will have to build those images yourself. But it's working for me now.

moveman commented 1 year ago

I tried to make csi-s3 + goofys work with iam + IMDSv2: https://github.com/moveman/csi-s3/tree/attempt2
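
For readers following the IMDSv2 route mentioned in the last comment, this is the exchange a client performs to obtain short-lived role credentials instead of a static access key and secret key. It is an added example, not code from csi-s3 or from any of the linked forks; `RoleCreds`, `call`, `FetchRoleCreds` and the 300-second token TTL are assumptions made for illustration.

```go
package main // added example; all identifiers below are hypothetical, not csi-s3 code

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"time"
)

type RoleCreds struct { // fields of the IMDS credential document an S3 client needs
	AccessKeyId, SecretAccessKey, Token string
	Expiration                          time.Time
}
// call sends one request carrying a single header and returns the response body.
func call(c *http.Client, method, url, hdr, val string) (string, error) {
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set(hdr, val)
	resp, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
	if err == nil && resp.StatusCode != http.StatusOK {
		err = fmt.Errorf("%s %s: status %d", method, url, resp.StatusCode)
	}
	return string(body), err
}
// FetchRoleCreds runs the IMDSv2 exchange: session token, role name, credentials.
func FetchRoleCreds(c *http.Client, base string) (rc RoleCreds, err error) {
	const hdr, path = "X-aws-ec2-metadata-token", "/latest/meta-data/iam/security-credentials/"
	tok, err := call(c, "PUT", base+"/latest/api/token", hdr+"-ttl-seconds", "300")
	out := "" // 1st GET lists the role name, 2nd GET fetches that role's credentials
	for i := 0; i < 2 && err == nil; i++ {
		out, err = call(c, "GET", base+path+out, hdr, tok)
	}
	if err == nil {
		err = json.Unmarshal([]byte(out), &rc)
	}
	return rc, err
}
func main() { // off EC2 this prints a timeout error; the secret fields are never logged
	rc, err := FetchRoleCreds(&http.Client{Timeout: 2 * time.Second}, "http://169.254.169.254")
	fmt.Println("expires:", rc.Expiration, "error:", err)
}
```

The returned credentials expire at `Expiration`, so a long-running mount has to fetch them again before that time. From a pod that is not on the host network, the token request only gets an answer when the instance's metadata response hop limit is 2 or more.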