s3: use aws web identity role provider
parent
9d993e584b
commit
15d19131bd
2 changed files with 9 additions and 2 deletions
|
@ -37,6 +37,7 @@ import (
|
||||||
"github.com/aws/aws-sdk-go/aws/corehandlers"
|
"github.com/aws/aws-sdk-go/aws/corehandlers"
|
||||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||||
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
|
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
|
||||||
|
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
|
||||||
"github.com/aws/aws-sdk-go/aws/defaults"
|
"github.com/aws/aws-sdk-go/aws/defaults"
|
||||||
"github.com/aws/aws-sdk-go/aws/ec2metadata"
|
"github.com/aws/aws-sdk-go/aws/ec2metadata"
|
||||||
"github.com/aws/aws-sdk-go/aws/request"
|
"github.com/aws/aws-sdk-go/aws/request"
|
||||||
|
@ -1009,6 +1010,11 @@ func s3Connection(opt *Options) (*s3.S3, *session.Session, error) {
|
||||||
}),
|
}),
|
||||||
ExpiryWindow: 3 * time.Minute,
|
ExpiryWindow: 3 * time.Minute,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
// Pick up IAM role if we are in EKS
|
||||||
|
&stscreds.WebIdentityRoleProvider{
|
||||||
|
ExpiryWindow: 3 * time.Minute,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
cred := credentials.NewChainCredentials(providers)
|
cred := credentials.NewChainCredentials(providers)
|
||||||
|
|
||||||
|
|
|
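Review bot: The `&stscreds.WebIdentityRoleProvider{ExpiryWindow: 3 * time.Minute}` literal appended to `providers` sets only the expiry window, so the provider has no STS client, role ARN or token file path; in aws-sdk-go those fields are unexported and are filled in only by the constructor. As written its `Retrieve` cannot succeed, and depending on the SDK version it may dereference a nil client or token fetcher instead of returning an error, so an EKS pod would not get its service-account role. Build it with the constructor when the EKS variables are present, e.g. `stscreds.NewWebIdentityRoleProvider(sts.New(sess), os.Getenv("AWS_ROLE_ARN"), os.Getenv("AWS_ROLE_SESSION_NAME"), os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE"))`, where `sess` stands for whatever session `s3Connection` already holds (its body continues outside the hunk). The new entry is also last in the chain, after what appears to be the EC2 role provider, so a pod that can reach instance metadata would presumably be given the node's role first; placing the web identity provider ahead of it keeps the pod on its narrower role.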
@ -358,6 +358,7 @@ The different authentication methods are tried in this order:
|
||||||
- `AWS_PROFILE` to control which profile to use.
|
- `AWS_PROFILE` to control which profile to use.
|
||||||
- Or, run `rclone` in an ECS task with an IAM role (AWS only).
|
- Or, run `rclone` in an ECS task with an IAM role (AWS only).
|
||||||
- Or, run `rclone` on an EC2 instance with an IAM role (AWS only).
|
- Or, run `rclone` on an EC2 instance with an IAM role (AWS only).
|
||||||
|
- Or, run `rclone` in an EKS pod with an IAM role that is associated with a service account (AWS only).
|
||||||
|
|
||||||
If none of these option actually end up providing `rclone` with AWS
|
If none of these option actually end up providing `rclone` with AWS
|
||||||
credentials then S3 interaction will be non-authenticated (see below).
|
credentials then S3 interaction will be non-authenticated (see below).
|
||||||
|
|