Discourse does not support service account and IAM role for S3 backup

ZhaoGang · November 17, 2021, 7:09am

I deployed Discourse to AWS EKS, and would like to enable Discourse S3 backup. The existing S3 backup requires access id and key of IAM user. However, our infrastructure require all apps running in AWS with IAM role.
So with EKS, we can only provide kubernetes service account + IAM role (IRSA), I searched from internet and also source code for Discourse, and did not find out any reference for IRSA with Discourse and EKS.

Could you please help to confirm that there is no existing feature for IRSA, and please share the solution for my usecase. I am looking into the local backup + Cloudwatch + DataSync + S3 or local backup + AWS backup.

pfaffman · November 17, 2021, 2:04pm

Have you tried setting s3_use_iam_profile to true in the environment?

ZhaoGang · November 18, 2021, 1:56am

Thank you for your reply.
My app is running in a shared EKS cluster, and I have no permission to update EC2 role policy. And I do not think Discourse could be configured to get EC2 role.

pfaffman · November 18, 2021, 3:06am

It sounds like you don’t have any options, then.

I think your solution is to have the uploads on S3 and then use external tools to backup the database.

Topic		Replies	Views
Automatic Backup to S3 not happening - Backup runs but doesn't upload unless performed manually via Admin UI Installation	4	360	March 29, 2023
Separate S3 access keys for backups and uploads? Support s3	5	20	November 10, 2024
Allow use of AWS EC2 IAM roles with S3 file/image uploads Feature pr-welcome	8	4114	February 20, 2017
AWS role instead for backups General	1	697	March 25, 2022
S3 Storage with no Public access Feature s3	6	610	January 13, 2023

Discourse does not support service account and IAM role for S3 backup

Related topics