Allow use of AWS EC2 IAM roles with S3 file/image uploads

I deployed the official Docker Discourse image on an AWS EC2 instance, assuming I could use the Access Key/Secret Key associated an IAM role to enable Discourse’s S3 upload feature (under Setting->Files)…well, I guess you know what that makes me. :smile: For reference:

As the “fog” gem (used by Discourse for S3 support) has the ability to use the keys from an IAM role, I respectfully submit a request to have Discourse use this option (:use_iam_profile => true) if the “use S3” option is enabled, but the “Access Key ID” and “Secret Key” fields are left blank.

Thank you!

Seems reasonable if it is easy, @zogstrip can you check? If it is not easy will have to be post V1.

Thanks, @codinghorror. I took a stab at it in my local instance; it was pretty easy and seems to work well. The change is in lib/file_store/s3_store.rb, and a diff is attached. I can submit a git pull request if desired.

s3_store_diff.txt (1.5 KB)

1 Like

Yes please a PR would be awesome.

I went ahead and pushed a branch with that patch on it for you, go click the green button to make a PR:

P.S. next time you do that, try this:

git checkout -b feature-branch master
git add....
git commit
git format-patch HEAD^

This will create a 0001-Commit-message.patch file, which someone else can use git am on to apply the commit, keeping the author and timestamp. (These git tools were originally designed for emailing patches.)

Thanks, @riking. However, since my last post I went ahead and submitted a PR myself, using the prescribed methodology at discourse/ at master · discourse/discourse · GitHub. I cleaned it up a bit (adding an option instead of relying on the other fields to be blanks, and also making it work for S3 backups).

The PR is


Looks like this feature is not longer valid after the foggem is removed?

The fog gem was very bloated and @sam removed it a while back.


Putting a #pr-welcome on this in case anyone wants to try bringing this feature back provided they don’t also bring back a swarm of bloated dependencies.