Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make aws keys optional (for use IAM S3 role) #2

Merged
merged 2 commits into from
May 31, 2015
Merged

make aws keys optional (for use IAM S3 role) #2

merged 2 commits into from
May 31, 2015

Conversation

artempartos
Copy link
Contributor

close #1

  • Use with IAM role:
# config/initializers/refile.rb
require "refile/s3"
aws = {
  region: "sa-east-1",
  bucket: "my-bucket",
}

Refile.cache = Refile::S3.new(prefix: "cache", **aws)
Refile.store = Refile::S3.new(prefix: "store", **aws)
  • Use without IAM role (no changes):
# config/initializers/refile.rb
require "refile/s3"

aws = {
  access_key_id: "xyz",
  secret_access_key: "abc",
  region: "sa-east-1",
  bucket: "my-bucket",
}
Refile.cache = Refile::S3.new(prefix: "cache", **aws)
Refile.store = Refile::S3.new(prefix: "store", **aws)

jnicklas
jnicklas reviewed May 19, 2015
View reviewed changes
lib/refile/s3.rb
@@ -52,7 +46,7 @@ def initialize(access_key_id:, secret_access_key:, region:, bucket:, max_size: n
verify_uploadable def upload(uploadable)
id = @hasher.hash(uploadable)

if uploadable.is_a?(Refile::File) and uploadable.backend.is_a?(S3) and uploadable.backend.access_key_id == access_key_id
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we just strike this? I think copying between two different S3 accounts will not work. Is there some other way to determine which account we're working with?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, i think we can fetch access_key_id from client configuration. it will work in all auth cases:

  • Credentials passed to the AWS.config (this method now we use)
  • Environment Variables
  • The credentials file's default profile
  • Instance profile credentials (this method i need)

more about this - http://docs.aws.amazon.com/AWSSdkDocsRuby/latest//DeveloperGuide/prog-basics-creds.html)
I fix my PR soon

jnicklas added a commit that referenced this pull request May 31, 2015
@jnicklas
Merge pull request #2 from artempartos/develop
57e6417 
make aws keys optional (for use IAM S3 role)
@jnicklas jnicklas merged commit 57e6417 into refile:master May 31, 2015
@jnicklas
Copy link
Contributor

Nice! Thank you!

@jnicklas jnicklas mentioned this pull request Sep 10, 2015
Closed
@fredkelly
Copy link

I'm trying to use IAM roles but passing just region and bucket is giving me the following error:

DEPRECATION WARNING: called deprecated method `access_key_id' of an Aws::CredentialProvider, use #credentials instead

(I'm sourcing the gem from github to get this PR).

I've seen the discussion in #18 but my configuration appears to be correct:

# config/initializers/refile.rb
require 'refile/s3'

if Rails.env.production?
  aws = {
    region: ENV['AWS_REGION'],
    bucket: ENV['ATTACHMENT_BUCKET']
  }

  Refile.cache = Refile::S3.new(prefix: 'cache', max_size: 10.megabytes, **aws)
  Refile.store = Refile::S3.new(prefix: 'store', **aws)
end
# config/initializers/aws.rb
if Rails.env.production?
  Aws.config.update({
    region: ENV['AWS_REGION'],
    credentials: Aws::InstanceProfileCredentials.new()
  })
end

Edited: copied the wrong error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

add the possibility to use iam role instead of explicit using aws access keys
3 participants
@artempartos @jnicklas @fredkelly