Configure with IAM Role #163

Open
mavinalim opened this issue Apr 16, 2020 · 4 comments

@mavinalim

First, I just wanted to say I have read the topic in #53. However, the person says in order for IAM Role to work, you just need to "leave it out" for aws_access_key and aws_access_secret. I have tried both commenting out the two lines:

  config.aws_credentials = {
    region:            Rails.application.secrets.aws[:AWS_REGION], # Required
    stub_responses:    Rails.env.test? # Optional, avoid hitting S3 actual during tests
  }

and

  config.aws_credentials = {
    access_key_id:     "",
    secret_access_key: "",
    region:            Rails.application.secrets.aws[:AWS_REGION], # Required
    stub_responses:    Rails.env.test? # Optional, avoid hitting S3 actual during tests
  }

I get this error for both options.

CarrierWave Error: missing credentials, provide credentials with one of the following options:
  - :access_key_id and :secret_access_key
  - :credentials
  - :credentials_provider

I can confirm that my IAM role is working fine, I tested with aws-sdk. It just seems like carrierwave is not liking the way I set up. Please help if anyone can. Thank you!

@sorentwo
Contributor

I don't have any context beyond the discussion in #53. That error isn't coming from carrierwave-aws directly, it would be bubbling up from aws-sdk in some way.

@nitishgangal89

nitishgangal89 commented May 7, 2020

@sorentwo

I also want to use IAM profile attached to EC2 instance for carrierwave usage.
I followed all the previous issues and resources associated.

I would like to know what is the correct configuration to leave out the credentials in the carrierwave initializers...

I am guessing that the following should be correct and it would fetch the credentials automatically from the attached IAM role to instance.

  config.aws_credentials = {
    region:            Rails.application.secrets.aws[:AWS_REGION], # Required
    stub_responses:    Rails.env.test? # Optional, avoid hitting S3 actual during tests
  }

However, I think it did not work well and I kept getting the timeout when trying to upload a small file.

IAM role attached to the instance is right because the rest of the functionality implemented through fog-aws works well.

Also,
config.aws_acl = 'private' is this the required parameter?
If this is not set for a bucket having "Objects can be public" configuration results in a timeout error?

Please advise and suggest at the earliest.

@mavinalim
Please let me know if you found some solution around..

Thank you!

@wwk-github

@nitishgangal89 did you find the proper solution? I have a similar situation.

@ibrahima

In case it's helpful, in my case I decided to add

Aws.config.update(credentials: Aws::InstanceProfileCredentials.new)

to my AWS initialization code, and CarrierWave seems to pick that up. You could try to rely on the automatic credential lookup mechanisms but to me it seemed more deterministic to be explicit about it. (If you have different credential mechanisms in different environments it might be a good idea to make it conditional but still explicit.)
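
The "conditional but still explicit" selection suggested in the last comment, written out as an added example (not code from carrierwave-aws or from any commenter in this thread). The function names, the use of `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` as inputs, and the rule that production runs on EC2 with a role attached are assumptions made for illustration.

```ruby
# Added example (not from carrierwave-aws): choose one AWS credential source
# per environment and fail at boot instead of falling through silently.
# Function names and the env var inputs are assumptions for this sketch.

def missing_value?(value)
  value.nil? || value.strip.empty?
end

# Returns :stub, :static or :instance_profile; raises on an ambiguous setup.
def select_credentials_source(rails_env, env)
  return :stub if rails_env == "test"

  key    = env["AWS_ACCESS_KEY_ID"]
  secret = env["AWS_SECRET_ACCESS_KEY"]

  if rails_env == "production"
    # Assumed: production runs on EC2 with a role attached. Static keys are
    # refused so a leftover long-lived key cannot shadow the role.
    unless missing_value?(key) && missing_value?(secret)
      raise ArgumentError, "static AWS keys present in production"
    end
    return :instance_profile
  end

  # Elsewhere a complete key pair is required; "" counts as missing.
  if missing_value?(key) || missing_value?(secret)
    raise ArgumentError, "set both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY"
  end
  :static
end

# Applies the choice through Aws.config, the mechanism used in the comment above.
def apply_aws_credentials!(source, env)
  case source
  when :static
    Aws.config.update(credentials: Aws::Credentials.new(
      env["AWS_ACCESS_KEY_ID"], env["AWS_SECRET_ACCESS_KEY"]
    ))
  when :instance_profile
    # Bounded retries and timeouts for the metadata service lookup.
    Aws.config.update(credentials: Aws::InstanceProfileCredentials.new(
      retries: 3, http_open_timeout: 1, http_read_timeout: 1
    ))
  end # :stub needs nothing here; tests use stub_responses as shown earlier
end

# Initializer entry point; skipped when the SDK or Rails is not loaded.
if defined?(Aws) && defined?(Rails)
  apply_aws_credentials!(select_credentials_source(Rails.env.to_s, ENV), ENV)
end
```
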
