Discourse does not support service account and IAM role for S3 backup

I deployed Discourse to AWS EKS, and would like to enable Discourse S3 backup. The existing S3 backup requires access id and key of IAM user. However, our infrastructure require all apps running in AWS with IAM role.
So with EKS, we can only provide kubernetes service account + IAM role (IRSA), I searched from internet and also source code for Discourse, and did not find out any reference for IRSA with Discourse and EKS.

Could you please help to confirm that there is no existing feature for IRSA, and please share the solution for my usecase. I am looking into the local backup + Cloudwatch + DataSync + S3 or local backup + AWS backup.

Have you tried setting s3_use_iam_profile to true in the environment?

1 Like

Thank you for your reply.
My app is running in a shared EKS cluster, and I have no permission to update EC2 role policy. And I do not think Discourse could be configured to get EC2 role.

It sounds like you don’t have any options, then.

I think your solution is to have the uploads on S3 and then use external tools to backup the database.

1 Like