diff --git a/docs/storage-drivers/s3.md b/docs/storage-drivers/s3.md index 3122a8979..9b3ba2f2b 100644 --- a/docs/storage-drivers/s3.md +++ b/docs/storage-drivers/s3.md 
@@ -9,23 +9,24 @@ Amazon S3 or S3 compatible services for object storage. ## Parameters -| Parameter | Required | Description | -|:--------------|:---------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `accesskey` | no | Your AWS Access Key. If you use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. | -| `secretkey` | no | Your AWS Secret Key. If you use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. | -| `region` | yes | The AWS region in which your bucket exists. | -| `regionendpoint` | no | Endpoint for S3 compatible storage services (Minio, etc). | -| `forcepathstyle` | no | To enable path-style addressing when the value is set to `true`. The default is `true`. | -| `bucket` | yes | The bucket name in which you want to store the registry's data. | -| `encrypt` | no | Specifies whether the registry stores the image in encrypted format or not. A boolean value. The default is `false`. | -| `keyid` | no | Optional KMS key ID to use for encryption (encrypt must be true, or this parameter is ignored). The default is `none`. | -| `secure` | no | Indicates whether to use HTTPS instead of HTTP. A boolean value. The default is `true`. | -| `skipverify` | no | Skips TLS verification when the value is set to `true`. The default is `false`. | -| `v4auth` | no | Indicates whether the registry uses Version 4 of AWS's authentication. The default is `true`. | -| `chunksize` | no | The S3 API requires multipart upload chunks to be at least 5MB. 
This value should be a number that is larger than 5 * 1024 * 1024.| -| `rootdirectory` | no | This is a prefix that is applied to all S3 keys to allow you to segment data in your bucket if necessary. | -| `storageclass` | no | The S3 storage class applied to each registry file. The default is `STANDARD`. | -| `objectacl` | no | The S3 Canned ACL for objects. The default value is "private". | +| Parameter | Required | Description | +|:-----------------|:---------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `accesskey` | no | Your AWS Access Key. If you use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. | +| `secretkey` | no | Your AWS Secret Key. If you use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. | +| `sessiontoken` | no | Your AWS Session token. If you use [IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html), omit to fetch temporary credentials from IAM. | +| `region` | yes | The AWS region in which your bucket exists. | +| `regionendpoint` | no | Endpoint for S3 compatible storage services (Minio, etc). | +| `forcepathstyle` | no | To enable path-style addressing when the value is set to `true`. The default is `true`. | +| `bucket` | yes | The bucket name in which you want to store the registry's data. | +| `encrypt` | no | Specifies whether the registry stores the image in encrypted format or not. A boolean value. The default is `false`. | +| `keyid` | no | Optional KMS key ID to use for encryption (encrypt must be true, or this parameter is ignored). The default is `none`. | +| `secure` | no | Indicates whether to use HTTPS instead of HTTP. A boolean value. The default is `true`. 
| +| `skipverify` | no | Skips TLS verification when the value is set to `true`. The default is `false`. | +| `v4auth` | no | Indicates whether the registry uses Version 4 of AWS's authentication. The default is `true`. | +| `chunksize` | no | The S3 API requires multipart upload chunks to be at least 5MB. This value should be a number that is larger than 5 * 1024 * 1024. | +| `rootdirectory` | no | This is a prefix that is applied to all S3 keys to allow you to segment data in your bucket if necessary. | +| `storageclass` | no | The S3 storage class applied to each registry file. The default is `STANDARD`. | +| `objectacl` | no | The S3 Canned ACL for objects. The default value is "private". | > **Note** You can provide empty strings for your access and secret keys to run the driver > on an ec2 instance and handles authentication with the instance's credentials. If you diff --git a/registry/storage/driver/s3-aws/s3.go b/registry/storage/driver/s3-aws/s3.go index 8753b3455..ce45c161a 100644 --- a/registry/storage/driver/s3-aws/s3.go +++ b/registry/storage/driver/s3-aws/s3.go @@ -417,6 +417,9 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) { } sessionToken := "" + if sk, ok := parameters["sessiontoken"].(string); ok { + sessionToken = sk + } accelerateBool := false accelerate := parameters["accelerate"]
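Review bot: In the docs/storage-drivers/s3.md hunk, the new `sessiontoken` row reuses the `accesskey`/`secretkey` wording and never says that a session token is only usable together with the temporary access key and secret key it was issued with, or that it expires. Suggest stating both in the description so operators do not pair it with long-lived keys or expect a static value to keep working. The `> **Note**` under the table still speaks only of "your access and secret keys" when describing empty values and should mention `sessiontoken` as well.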
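Review bot: In the FromParameters hunk of registry/storage/driver/s3-aws/s3.go, `parameters["sessiontoken"].(string)` leaves `sessionToken` as "" when the key is present but not a string, so a mistyped value is dropped silently and the driver continues without the token. Suggest returning an error when the key is set and the type assertion fails. The hunk also accepts a session token without checking that `accesskey` and `secretkey` are set alongside it; a check or a documented behaviour for that case would help. Minor: the name `sk` reads as "secret key"; `st` or `token` would be clearer.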