keitaroinc / ckanext-s3filestore

GNU Affero General Public License v3.0

[FEATURE] Use STS to receive a temporary credentials role session #11

Open MurraySpeight opened 2 years ago

MurraySpeight commented 2 years ago

A recommendation to help secure your AWS resources is to assume an IAM role by using STS to receive a temporary credentials role session. This is more secure than using access key credentials. A session has a limited duration, which reduces your risk if your credentials are compromised. Ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#delegate-using-roles

This change adds logic at the point of getting a session with AWS. It will check for an optional config variable that should contain an ARN of the role that has the permissions to the S3 bucket. If present, after getting the session, it will use STS to get temporary credentials for the role and get a session with these credentials.
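The flow described in this issue (build a session, check for an optional role ARN in the config, call STS AssumeRole, build a second session from the temporary credentials), written out as an added example. This is not the project's code and not the PR's implementation; it is a sketch of the technique using boto3. The config key for the role ARN and the related session-name and duration keys are hypothetical names chosen here, and the access-key and region key names are assumed to match the plugin's existing `ckanext.s3filestore.*` settings. The STS client and session constructor are injectable so the logic can be exercised without network access.

```python
"""Added example, not part of ckanext-s3filestore: build a boto3 session and,
when a role ARN is configured, replace the long-lived keys with temporary
STS credentials obtained via AssumeRole."""
import re
from datetime import datetime, timedelta, timezone

# Hypothetical config keys (assumption: the names added by the PR are not shown on the page).
ROLE_ARN_KEY = "ckanext.s3filestore.aws_role_arn"
ROLE_SESSION_NAME_KEY = "ckanext.s3filestore.aws_role_session_name"
ROLE_DURATION_KEY = "ckanext.s3filestore.aws_role_duration_seconds"

# Shapes STS enforces: an IAM role ARN, and a RoleSessionName of 2..64 chars from [\w+=,.@-].
_ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
_SESSION_NAME_RE = re.compile(r"^[\w+=,.@-]{2,64}$")
MIN_DURATION, MAX_DURATION = 900, 43200  # AssumeRole limits; the role's own maximum may be lower


def role_settings(config):
    """Return (role_arn, session_name, duration_seconds), or None when no role is configured.
    Raises ValueError for values STS would reject, so misconfiguration fails at startup."""
    role_arn = config.get(ROLE_ARN_KEY)
    if not role_arn:
        return None
    if not _ROLE_ARN_RE.match(role_arn):
        raise ValueError("%s is not an IAM role ARN: %r" % (ROLE_ARN_KEY, role_arn))
    session_name = config.get(ROLE_SESSION_NAME_KEY, "ckanext-s3filestore")
    if not _SESSION_NAME_RE.match(session_name):
        raise ValueError("invalid RoleSessionName: %r" % session_name)
    duration = int(config.get(ROLE_DURATION_KEY, 3600))
    if not MIN_DURATION <= duration <= MAX_DURATION:
        raise ValueError("DurationSeconds must be within %d..%d" % (MIN_DURATION, MAX_DURATION))
    return role_arn, session_name, duration


def temporary_credentials(sts_client, role_arn, session_name, duration):
    """Call STS AssumeRole and return the temporary credentials plus their expiry."""
    resp = sts_client.assume_role(
        RoleArn=role_arn, RoleSessionName=session_name, DurationSeconds=duration
    )
    creds = resp["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
        "expiration": creds["Expiration"],  # timezone-aware datetime from boto3
    }


def needs_refresh(expiration, now=None, margin=timedelta(minutes=5)):
    """Temporary credentials expire: rebuild the session before, not after, the deadline."""
    now = now or datetime.now(timezone.utc)
    return now + margin >= expiration


def get_session(config, session_factory=None, sts_client=None):
    """Build the session the plugin would use for S3, returning (session, expiration).
    session_factory defaults to boto3.session.Session; sts_client defaults to one
    created from the base session. Both are injectable for offline testing."""
    if session_factory is None:
        import boto3  # imported lazily so this module loads without boto3 installed
        session_factory = boto3.session.Session
    region = config.get("ckanext.s3filestore.region_name")
    base = session_factory(
        aws_access_key_id=config.get("ckanext.s3filestore.aws_access_key_id"),
        aws_secret_access_key=config.get("ckanext.s3filestore.aws_secret_access_key"),
        region_name=region,
    )
    role = role_settings(config)
    if role is None:
        return base, None  # no role configured: keep the existing behaviour
    if sts_client is None:
        sts_client = base.client("sts")
    creds = temporary_credentials(sts_client, *role)
    session = session_factory(
        aws_access_key_id=creds["aws_access_key_id"],
        aws_secret_access_key=creds["aws_secret_access_key"],
        aws_session_token=creds["aws_session_token"],
        region_name=region,
    )
    return session, creds["expiration"]
```

The expiration is returned alongside the session because this is the part a plugin has to handle that static keys never needed: the caller should check `needs_refresh()` and call `get_session()` again before the temporary credentials lapse, otherwise S3 calls start failing mid-request. The base credentials only need `sts:AssumeRole` on the configured role; the S3 permissions live on the role itself, which is what limits the blast radius if the long-lived keys leak.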

MurraySpeight commented 2 years ago

PR: https://github.com/keitaroinc/ckanext-s3filestore/pull/12