Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
Hi, Is It Possible To Pass Temporary Iam Role To The Web App Could Access?

Hi, is it possible to pass temporary IAM role to the web app could access?

  
  
Posted 2 years ago
Votes Newest

Answers 8


so the thing with IAM roles, they are designed to allow AWS instances to get "automatic" permission (based on the IAM role). They are not actually designed to generate key/secret as I think the lifetime is be default relatively short. Since the actual request to the S3 comes from the client browser (i.e. outside of AWS cluster) the IAM role cannot apply, and you have to provide the key/secret. The easiest way is to generate S3 keys regardless of the IAM roles, to be used with the clients (specifically these can be read-only as you are not actually changing data with them).
wdyt?

  
  
Posted 2 years ago

Hi CostlyOstrich36 , I mean insert temporary access keys

  
  
Posted 2 years ago

assuming that they are in the same setup as user/secret keys then I guess they would work until they expire 🙂

  
  
Posted 2 years ago

JitteryCoyote63 , you mean insert temporary access keys or insert access keys temporarily?

  
  
Posted 2 years ago

yes that makes sense, I will do that. Thanks!

  
  
Posted 2 years ago

They are, but this doesn’t work - I guess it’s because temp IAM accesses have an extra token, that should be passed as well, but there is no such option on the web UI, right?

  
  
Posted 2 years ago

JitteryCoyote63

IAM role to the web app could access

you mean the web client key/secret to access S3 data ?

  
  
Posted 2 years ago

yes

  
  
Posted 2 years ago