Role Based access for S3

[sahil-sawhney]

Could the aws section in the example conf https://github.com/ysde/grafana-backup-tool/blob/master/examples/grafana-backup.example.json be set up to use AWS role-based access instead of access_key_id and secret_access_key

[babinos87]

This is a must in my opinion. In most common cases, someone should not use IAM credentials, but role-based access should just work.

EDIT: Although, I tried without specifying IAM credentials and it worked, it seems to be picking up the credentials from local enviornment. Same goes for AWS, EC2 Role is used to connect to s3 bucket.

My relevant settings section for this to work:

"aws": {
    "s3_bucket_name": "bucket-name",
    "s3_bucket_key": "grafana-backup",
    "default_region": "us-east-1"
}

[declan-fitzpatrick]

The way it is configured is to follow the default credential providers chain in s3_common.py as long as the access and secret key are not set.

[kaykhan]

Does any have an example of using the role based access?

[kaykhan]

The way it is configured is to follow the default credential providers chain in s3_common.py as long as the access and secret key are not set.

I maybe wrong but i think you still need to set boto3's assume_role which could be done when the env AWS_ROLE_ARN/ROLE_ARN is present. https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts/client/assume_role.html ?