pkarolyi / garden-snail

Self hosted Turborepo remote cache server
https://hub.docker.com/r/pkarolyi/garden-snail
MIT License
9 stars, 1 fork

S3 storage with role instead of keys #38

Open toretua opened 1 month ago

toretua commented 1 month ago

We try to avoid access keys in server solutions to have better control and not need to rotate keys. In the setup, key and secret are required:

```
# required if provider is s3
S3_BUCKET=turborepo-cache-itsl
S3_ACCESS_KEY_ID=
S3_SECRET_ACCESS_KEY=
```

Is there a way to set S3 as storage without using this? The server has access via AWS roles, but it seems to fail when I omit key/secret.

Regards Tore

pkarolyi commented 1 month ago

Dear Tore,

Can you describe your exact setup in a bit more detail, so I can better understand?

If I understand correctly you don't want to use access keys to access S3, but would rather use an AWS IAM role attached to the server. Is that server an EC2? Or how are you trying to set it up?

Is it enough if I set the S3_ACCESS_KEY_ID and S3_SECRET_ACCESS_KEY optional? I think that would solve your problem if you are running it straight on the EC2, but I am unsure if it would be enough if you are running in some other setup.

Please give me as much info as you can about how you are setting it up exactly.

Cheers, Peter

toretua commented 1 month ago

You are correct, the server is an EC2 instance and its role has full access to the bucket. So setting the key/secret to optional would be splendid!

Thanks for the quick reply. Regards, Tore

pkarolyi commented 1 month ago

Thank you for your patience! In the latest version (1.4.0) S3 credential environment variables are now optional. I hope this solves your problem. If not please don't hesitate to tell me.

toretua commented 3 weeks ago

Hi! I see that the Docker container now runs without a key, but it still cannot push to S3 using its instance role. It seems the code still tries to access it providing empty AWS key/secret values instead of not having them in the request.

pkarolyi commented 1 week ago

Hi!

Sorry, I didn't get a notification about this comment for some reason. I updated the code so that it will try to use the default AWS environment variables if present. This may solve the issue. Sadly I don't currently have access to an AWS account so I cannot test this.

If you could check if this fixes the problem for you I would be very grateful! (Use the edge tag for the docker image)

toretua commented 1 week ago

Works when I push a file using curl... I have to wait a bit to test with a real turbo build.
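
The failure mode discussed in this thread, as an added example that is not part of the thread or of garden-snail's code: a hypothetical helper (`buildS3Settings`) that turns the `S3_*` variables into options for the AWS SDK for JavaScript v3 `S3Client`, leaving `credentials` out entirely when the keys are unset or empty so the SDK's default provider chain can resolve the EC2 instance role. The bucket name and key values are constructed.

```javascript
// Added example: hypothetical helper, not garden-snail's code.
// Builds the options object for `new S3Client(...)` (AWS SDK for JavaScript v3)
// from the S3_* variables named in this thread.

// Treat unset, empty and whitespace-only values the same: "not configured".
// A line like `S3_ACCESS_KEY_ID=` in an env file yields an empty string.
function clean(value) {
  const trimmed = (value ?? "").trim();
  return trimmed === "" ? undefined : trimmed;
}

function buildS3Settings(env) {
  const bucket = clean(env.S3_BUCKET);
  if (!bucket) throw new Error("S3_BUCKET is required when the provider is s3");

  const accessKeyId = clean(env.S3_ACCESS_KEY_ID);
  const secretAccessKey = clean(env.S3_SECRET_ACCESS_KEY);

  // Half a key pair is a configuration mistake: fail at startup instead of
  // at the first upload.
  if (Boolean(accessKeyId) !== Boolean(secretAccessKey)) {
    throw new Error("Set both S3_ACCESS_KEY_ID and S3_SECRET_ACCESS_KEY, or neither");
  }

  const clientConfig = {};
  if (accessKeyId && secretAccessKey) {
    // Static keys were explicitly configured: pass them through.
    clientConfig.credentials = { accessKeyId, secretAccessKey };
  }
  // Otherwise `credentials` is left off entirely (not set to empty strings),
  // so the SDK's default provider chain runs and can use the instance role.
  return { bucket, clientConfig, usesStaticKeys: "credentials" in clientConfig };
}

// Constructed sample environment: keys present but empty, as in the report.
const withRole = buildS3Settings({
  S3_BUCKET: "example-cache-bucket",
  S3_ACCESS_KEY_ID: "",
  S3_SECRET_ACCESS_KEY: "",
});
console.log(withRole);
```
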