Allow full use of the AWS S3 SDK authentication options (#32270)

If an explicit AWS key pair and/or region is not provided in config/storage.yml, attempt to use environment variables, shared credentials, or IAM role credentials. Order of precedence is determined by the AWS SDK[1]. [1]: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html
2022-11-09 12:12:34 -05:00 · 2018-03-19 11:25:40 -04:00 · 2018-03-19 11:25:40 -04:00 · c1600009b2
commit c1600009b2
parent db8cce202b
4 changed files with 18 additions and 3 deletions
--- a/activestorage/CHANGELOG.md
+++ b/activestorage/CHANGELOG.md
@ -1,3 +1,11 @@
+*   Allow full use of the AWS S3 SDK options for authentication. If an
+    explicit AWS key pair and/or region is not provided in  `storage.yml`, 
+    attempt to use environment variables, shared credentials, or IAM 
+    (instance or task) role credentials. Order of precedence is determined 
+    by the [AWS SDK](https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html).
+
+    *Brian Knight*
+
 *   Rails 6 requires Ruby 2.4.1 or newer.

    *Jeremy Daer*
--- a/activestorage/lib/active_storage/service/s3_service.rb
+++ b/activestorage/lib/active_storage/service/s3_service.rb
@ -9,8 +9,8 @@ module ActiveStorage
  class Service::S3Service < Service
    attr_reader :client, :bucket, :upload_options

-    def initialize(access_key_id:, secret_access_key:, region:, bucket:, upload: {}, **options)
-      @client = Aws::S3::Resource.new(access_key_id: access_key_id, secret_access_key: secret_access_key, region: region, **options)
+    def initialize(bucket:, upload: {}, **options)
+      @client = Aws::S3::Resource.new(**options)
      @bucket = @client.bucket(bucket)

      @upload_options = upload
--- a/activestorage/test/service/s3_service_test.rb
+++ b/activestorage/test/service/s3_service_test.rb
@ -3,7 +3,7 @@
 require "service/shared_service_tests"
 require "net/http"

-if SERVICE_CONFIGURATIONS[:s3] && SERVICE_CONFIGURATIONS[:s3][:access_key_id].present?
+if SERVICE_CONFIGURATIONS[:s3]
  class ActiveStorage::Service::S3ServiceTest < ActiveSupport::TestCase
    SERVICE = ActiveStorage::Service.configure(:s3, SERVICE_CONFIGURATIONS)

--- a/guides/source/active_storage_overview.md
+++ b/guides/source/active_storage_overview.md
@ -114,6 +114,13 @@ gem "aws-sdk-s3", require: false

 NOTE: The core features of Active Storage require the following permissions: `s3:ListBucket`, `s3:PutObject`, `s3:GetObject`, and `s3:DeleteObject`. If you have additional upload options configured such as setting ACLs then additional permissions may be required.

+NOTE: If you want to use environment variables, standard SDK configuration files, profiles,
+IAM instance profiles or task roles, you can omit the `access_key_id`, `secret_access_key`,
+and `region` keys in the example above. The Amazon S3 Service supports all of the
+authentication options described in the [AWS SDK documentation]
+(https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html).
+
+
 ### Microsoft Azure Storage Service

 Declare an Azure Storage service in `config/storage.yml`: