Allow use of AWS EC2 IAM roles with S3 file/image uploads

I deployed the official Docker Discourse image on an AWS EC2 instance, assuming I could use the Access Key/Secret Key associated an IAM role to enable Discourse’s S3 upload feature (under Setting->Files)…well, I guess you know what that makes me. :smile: For reference:
https://meta.discourse.org/t/setting-up-file-and-image-uploads-to-s3/7229/31?u=windhamg1

As the “fog” gem (used by Discourse for S3 support) has the ability to use the keys from an IAM role, I respectfully submit a request to have Discourse use this option (:use_iam_profile => true) if the “use S3” option is enabled, but the “Access Key ID” and “Secret Key” fields are left blank.

Thank you!

Seems reasonable if it is easy, @zogstrip can you check? If it is not easy will have to be post V1.

Thanks, @codinghorror. I took a stab at it in my local instance; it was pretty easy and seems to work well. The change is in lib/file_store/s3_store.rb, and a diff is attached. I can submit a git pull request if desired.

s3_store_diff.txt (1.5 KB)

1 Like

Yes please a PR would be awesome.

I went ahead and pushed a branch with that patch on it for you, go click the green button to make a PR: https://github.com/riking/discourse/compare/discourse:master...riking:patch-gary?expand=1


P.S. next time you do that, try this:

git checkout -b feature-branch master
git add....
git commit
git format-patch HEAD^

This will create a 0001-Commit-message.patch file, which someone else can use git am on to apply the commit, keeping the author and timestamp. (These git tools were originally designed for emailing patches.)

Thanks, @riking. However, since my last post I went ahead and submitted a PR myself, using the prescribed methodology at discourse/CONTRIBUTING.md at master · discourse/discourse · GitHub. I cleaned it up a bit (adding an option instead of relying on the other fields to be blanks, and also making it work for S3 backups).

The PR is https://github.com/discourse/discourse/pull/2511.

4 Likes

Looks like this feature is not longer valid after the foggem is removed?

The fog gem was very bloated and @sam removed it a while back.

3 Likes

Putting a pr-welcome on this in case anyone wants to try bringing this feature back provided they don’t also bring back a swarm of bloated dependencies.

2 Likes