Add ability to load s3 config from ~/.aws/config #3243
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Shaun Sabo shaunsabo@slack-corp.com
I noticed that I cannot force the SDK to load my
.aws/config
which I volume mounted into the registry container at/root/.aws/config
. I want to do this so I can run a registry in a different AWS account from where the S3 bucket is located without using Access Keys. Ideally, I would like to achieve this by usingrole_arn
andcredential_source = Ec2InstanceMetadata
in the shared config to assume a role in the account where the bucket is located.Currently if we provide
AWS_SDK_LOAD_CONFIG=1
to the registry, it will not actually use the config located at~/.aws/config
. I believe this is becausedefaults.Config()
loads a full*aws.Config
object who's Credentials override the detection thatsession.NewSession()
does.By starting with a sparse object with
&aws.Config{}
, I was able to continue to configure the session incrementally without wiping out default behavior for credential discovery.This patch will maintain existing behavior, except when
AWS_SDK_LOAD_CONFIG=1
is set in the environment.