From 712f9c97607de3ba9990d85d8b19ba884e576c94 Mon Sep 17 00:00:00 2001
From: Nick Craig-Wood <nick@craig-wood.com>
Date: Wed, 27 Oct 2021 15:50:07 +0100
Subject: [PATCH] s3: fix IAM Role for Service Account not working and other
 auth problems

This patch reverts this commit

1605f9e14dbbe58e s3: Fix shared_credentials_file auth

It unfortunately had the side effect of making the s3 SDK ignore the
config in our custom chain and use the default provider. This means
that advanced auth was being ignored such as --s3-profile with
role_arn.

Fixes #5468
Fixes #5762
---
 backend/s3/s3.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/s3/s3.go b/backend/s3/s3.go
index aab0d8df8..15f91bcec 100644
--- a/backend/s3/s3.go
+++ b/backend/s3/s3.go
@@ -1603,6 +1603,9 @@ func s3Connection(ctx context.Context, opt *Options, client *http.Client) (*s3.S
 		awsSessionOpts.SharedConfigState = session.SharedConfigEnable
 		// Set the name of the profile if supplied
 		awsSessionOpts.Profile = opt.Profile
+		// The session constructor (aws/session/mergeConfigSrcs) will only use the user's preferred credential source
+		// (from the shared config file) if the passed-in Options.Config.Credentials is nil.
+		awsSessionOpts.Config.Credentials = nil
 	}
 	ses, err := session.NewSessionWithOptions(awsSessionOpts)
 	if err != nil {