Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Access s3 without hardcoding IAM secret key and access key #162

Closed
gvoden opened this issue Dec 22, 2022 · 2 comments
Closed

Access s3 without hardcoding IAM secret key and access key #162

gvoden opened this issue Dec 22, 2022 · 2 comments

Comments

@gvoden
Copy link

gvoden commented Dec 22, 2022

Hi,

we are trying to access s3 resource without the need to explicitly specify access_key_id and secret_access_key in the s3 resource definition (we commit pipeline definitions to our Azure DevOps git and do not want to expose any credentials).
Concourse runs on EC2 server which has access through s3 by assuming its instance role/instance profile.

Currently we get "access denied" even though the role attached to EC2 has access to s3. This means that Concourse itself is unable to implicitly assume a role.

thanks for your help!

@taylorsilva
Copy link
Member

This happens because the instance role isn't used at all:

s3-resource/s3client.go

Lines 119 to 120 in 5fab416

if accessKey == "" && secretKey == "" {
creds = credentials.AnonymousCredentials

The Concourse team has a thing about not using anything related to the environment/state of a worker. I'm not sure it makes sense to force that upon this resource though. I may make a PR to allow the use of using the instance role to assume another role. it's a bit of a middle-ground between these two opinions.

@taylorsilva
Copy link
Member

Realized this is a similar ask as #151 so closing this issue. Re-open if there is a difference I'm missing here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants