[EXTDAM-125] Investigation. Automatic authentication with AWS Created: 20/Jul/20  Updated: 26/Apr/21  Resolved: 26/Apr/21

Status: Closed
Project: External DAMs
Component/s: s3
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Minor
Reporter: Richard Gange Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: aws-s3, maintenance, sso
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
supersession
is superseded by AWSFNDN-22 aws-s3-connector: Option for not usin... Closed
Template:
Acceptance criteria:
Empty
Date of First Response:
Epic Link: Ext DAMs maintenance & partnership support

 Description   

Currently, to use our AWS S3 connector, you have to enter static credentials into the Passwords Manager app.

Expected:
AWS has EC2 instance profiles to provide dynamic authentication. The system should be able to fall back to this, making both options available.

In the following figure, a developer runs an application on an EC2 instance that requires access to the S3 bucket named photos. An administrator creates the Get-pics service role and attaches the role to the EC2 instance. The role includes a permissions policy that grants read-only access to the specified S3 bucket. It also includes a trust policy that allows the EC2 instance to assume the role and retrieve the temporary credentials. When the application runs on the instance, it can use the role's temporary credentials to access the photos bucket. The administrator doesn't have to grant the developer permission to access the photos bucket, and the developer never has to share or manage credentials.

 

 

DEV Hints:

It looks to be possible this way:

info.magnolia.cloud.service.AmazonS3ServiceProvider#getProvidedOrEnvironmentCredentials

    private AWSCredentialsProvider getProvidedOrEnvironmentCredentials(String accessKey, String secretKey) {
        // Either value blank: let the SDK default chain look up credentials
        // (this is where the EC2 instance profile is picked up).
        if (isAnyBlank(accessKey, secretKey)) {
            return new DefaultAWSCredentialsProviderChain();
        }
        // Both values present: keep using the static credentials.
        return new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey));
    }
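The hint above falls back to the default chain when either value is blank, so a half-filled key pair would silently run under whatever identity the chain finds. The following is an added example, not Magnolia's code and not the fix delivered in AWSFNDN-25; the class `S3CredentialsResolver` and its methods are hypothetical, and it assumes the AWS SDK for Java v1 (the SDK the hint's classes come from) is on the classpath.

```java
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;

/** Hypothetical helper: choose static keys or the SDK default chain, never a mix. */
public class S3CredentialsResolver {

    static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    /**
     * Both values set   -> static credentials (current connector behaviour).
     * Both values blank -> SDK default chain. The chain also checks environment
     *                      variables, system properties and the profile file before
     *                      it reaches the instance profile, so the identity in use
     *                      may not be the instance role if any of those are set.
     * Exactly one set   -> configuration error instead of a silent identity switch.
     */
    static AWSCredentialsProvider resolve(String accessKey, String secretKey) {
        boolean noKey = isBlank(accessKey);
        boolean noSecret = isBlank(secretKey);
        if (noKey && noSecret) {
            return DefaultAWSCredentialsProviderChain.getInstance();
        }
        if (noKey || noSecret) {
            // Name the missing field only; never put key material in the message.
            throw new IllegalArgumentException("Incomplete static AWS credentials: "
                    + (noKey ? "access key" : "secret key") + " is blank");
        }
        return new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey));
    }

    public static void main(String[] args) {
        // Constructed placeholder values, not real credentials. Nothing here calls
        // getCredentials(), so the demo makes no network or metadata-service request.
        System.out.println(resolve("EXAMPLE_ACCESS_KEY", "EXAMPLE_SECRET_KEY").getClass().getSimpleName());
        System.out.println(resolve("", null).getClass().getSimpleName());
        try {
            resolve("EXAMPLE_ACCESS_KEY", " ");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Logging the simple class name of the selected provider at connector start-up gives operators a way to confirm which path is active without exposing any secret.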



 Comments   
Comment by Jesus Alonso [ 26/Apr/21 ]

This issue has been fixed with AWSFNDN-25

Generated at Mon Feb 12 01:52:09 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.