Allow use of AWS EC2 IAM roles with S3 file/image uploads


(Gary Windham) #1

I deployed the official Docker Discourse image on an AWS EC2 instance, assuming I could use the Access Key/Secret Key associated an IAM role to enable Discourse’s S3 upload feature (under Setting->Files)…well, I guess you know what that makes me. :smile: For reference:

As the “fog” gem (used by Discourse for S3 support) has the ability to use the keys from an IAM role, I respectfully submit a request to have Discourse use this option (:use_iam_profile => true) if the “use S3” option is enabled, but the “Access Key ID” and “Secret Key” fields are left blank.

Thank you!

(Jeff Atwood) #2

Seems reasonable if it is easy, @zogstrip can you check? If it is not easy will have to be post V1.

(Gary Windham) #3

Thanks, @codinghorror. I took a stab at it in my local instance; it was pretty easy and seems to work well. The change is in lib/file_store/s3_store.rb, and a diff is attached. I can submit a git pull request if desired.

s3_store_diff.txt (1.5 KB)

(Jeff Atwood) #4

Yes please a PR would be awesome.

(Kane York) #5

I went ahead and pushed a branch with that patch on it for you, go click the green button to make a PR: Comparing discourse:master...riking:patch-gary · discourse/discourse · GitHub

P.S. next time you do that, try this:

git checkout -b feature-branch master
git add....
git commit
git format-patch HEAD^

This will create a 0001-Commit-message.patch file, which someone else can use git am on to apply the commit, keeping the author and timestamp. (These git tools were originally designed for emailing patches.)

(Gary Windham) #6

Thanks, @riking. However, since my last post I went ahead and submitted a PR myself, using the prescribed methodology at discourse/ at master · discourse/discourse · GitHub. I cleaned it up a bit (adding an option instead of relying on the other fields to be blanks, and also making it work for S3 backups).

The PR is support for EC2 IAM roles with Amazon S3 file store/backup by windhamg · Pull Request #2511 · discourse/discourse · GitHub.

(Alan Tan) #7

Looks like this feature is not longer valid after the foggem is removed?

(Jeff Atwood) #8

The fog gem was very bloated and @sam removed it a while back.

(Sam Saffron) #9

Putting a #pr-welcome on this in case anyone wants to try bringing this feature back provided they don’t also bring back a swarm of bloated dependencies.