JitteryCoyote63
IAM role to the web app could access
you mean the web client key/secret to access S3 data ?
They are, but this doesn’t work - I guess it’s because temp IAM accesses have an extra token, that should be passed as well, but there is no such option on the web UI, right?
so the thing with IAM roles, they are designed to allow AWS instances to get "automatic" permission (based on the IAM role). They are not actually designed to generate key/secret as I think the lifetime is be default relatively short. Since the actual request to the S3 comes from the client browser (i.e. outside of AWS cluster) the IAM role cannot apply, and you have to provide the key/secret. The easiest way is to generate S3 keys regardless of the IAM roles, to be used with the clients (specifically these can be read-only as you are not actually changing data with them).
wdyt?
Hi CostlyOstrich36 , I mean insert temporary access keys
assuming that they are in the same setup as user/secret keys then I guess they would work until they expire 🙂
JitteryCoyote63 , you mean insert temporary access keys or insert access keys temporarily?
yes that makes sense, I will do that. Thanks!