Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using IAM role to connect as S3 mount and not via access key and secret key? #66

Open
sonulaugh opened this issue Mar 9, 2022 · 4 comments

Comments

@sonulaugh
Copy link

sonulaugh commented Mar 9, 2022

I am looking to use this as a means to use the IAM role to connect as S3 mount and not via access key and secret key, is this supported?

@ashujain2
Copy link

ashujain2 commented Jun 10, 2022

I am also running with the same issue
@sonulaugh - Did you able to figure it out ?

@ctrox

@monofone
Copy link

Hi @sonulaugh / @ashujain2, after a look into the code it does not seem to be able to make IAM via ServiceAccount working the respective line in the connection for s3 https://github.com/ctrox/csi-s3/blob/master/pkg/s3/client.go#L58 states only the usage of AccessKey und SecretKey. Also the usage of the minio client package let me assume that there is no support for the authentication methods supported by the AWS-SDK.

Sadly it does not look this easy to implement.

@artificial-aidan
Copy link

So I got this working eventually. The hardest part was actually s3fs. I need to polish it a bit, but if anyone else needs to try it out I used these 3 branches.

https://github.com/artificialinc/csi-s3/tree/aidan/irsa
https://github.com/artificialinc/docker-build-s3fs/tree/aidan/artificial-build
https://github.com/artificialinc/s3fs-fuse/tree/aidan/ext-creds

You will have to build those images yourself. But it's working for me now.

@moveman
Copy link

moveman commented Sep 27, 2023

I tried to make csi-s3 + goofys work with iam + IMDSv2: https://github.com/moveman/csi-s3/tree/attempt2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants