Allow use of AWS EC2 IAM roles with S3 file/image uploads

windhamg1 · July 4, 2014, 3:54am

I deployed the official Docker Discourse image on an AWS EC2 instance, assuming I could use the Access Key/Secret Key associated an IAM role to enable Discourse’s S3 upload feature (under Setting->Files)…well, I guess you know what that makes me. For reference:
https://meta.discourse.org/t/setting-up-file-and-image-uploads-to-s3/7229/31?u=windhamg1

As the “fog” gem (used by Discourse for S3 support) has the ability to use the keys from an IAM role, I respectfully submit a request to have Discourse use this option (:use_iam_profile => true) if the “use S3” option is enabled, but the “Access Key ID” and “Secret Key” fields are left blank.

Thank you!

codinghorror · July 4, 2014, 7:36pm

Seems reasonable if it is easy, @zogstrip can you check? If it is not easy will have to be post V1.

windhamg1 · July 4, 2014, 8:01pm

Thanks, @codinghorror. I took a stab at it in my local instance; it was pretty easy and seems to work well. The change is in lib/file_store/s3_store.rb, and a diff is attached. I can submit a git pull request if desired.

s3_store_diff.txt (1.5 KB)

codinghorror · July 4, 2014, 8:02pm

Yes please a PR would be awesome.

riking · July 5, 2014, 8:07pm

I went ahead and pushed a branch with that patch on it for you, go click the green button to make a PR: https://github.com/riking/discourse/compare/discourse:master...riking:patch-gary?expand=1

P.S. next time you do that, try this:

git checkout -b feature-branch master
git add....
git commit
git format-patch HEAD^

This will create a 0001-Commit-message.patch file, which someone else can use git am on to apply the commit, keeping the author and timestamp. (These git tools were originally designed for emailing patches.)

windhamg1 · July 5, 2014, 8:42pm

Thanks, @riking. However, since my last post I went ahead and submitted a PR myself, using the prescribed methodology at discourse/CONTRIBUTING.md at master · discourse/discourse · GitHub. I cleaned it up a bit (adding an option instead of relying on the other fields to be blanks, and also making it work for S3 backups).

The PR is https://github.com/discourse/discourse/pull/2511.

tgxworld · August 26, 2016, 4:12am

Looks like this feature is not longer valid after the foggem is removed?

codinghorror · August 26, 2016, 5:02am

The fog gem was very bloated and @sam removed it a while back.

sam · February 20, 2017, 6:55pm

Putting a pr-welcome on this in case anyone wants to try bringing this feature back provided they don’t also bring back a swarm of bloated dependencies.

Topic		Replies	Views
S3 Storage with no Public access Feature s3	6	609	January 13, 2023
Admin Dashboard Showing Problems Related to S3 Bug	1	785	January 18, 2018
Discourse does not support service account and IAM role for S3 backup Support	3	520	November 18, 2021
S3 Bucket backup setting page problem Installation	6	522	April 25, 2022
403 forbidden for thumbnails on s3 when running with CDN Installation unsupported-install	8	679	May 27, 2023

Allow use of AWS EC2 IAM roles with S3 file/image uploads

Related Topics