You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running in a container from EKS and using service accounts, AWS services are not accessed with a static key/secret pair, but with temporary credentials received from STS. (keyId, secret, sessionToken)
The following files will need to be updated to add x-amz-security-token to the policy document and the upload's form data:
src/Http/ViewComposers/MediasUploaderConfig.php
frontend/js/components/media-library/Uploader.vue
Additional context
Working on a branch with the changes
The text was updated successfully, but these errors were encountered:
Hi @kizmanj, we're aware of this use case. For example, since this PR has been merged, it has been possible to use IAM roles on EC2 instances instead of access key pairs. It implies that you use the local endpoint type of the media library and specify a remote disk under twill.media_library.disk. That way the Twill uploader doesn't attempt to direct upload to S3, it uploads to your application first, which can be authorized to communicate with S3 to actually store the file. Maybe you've tried that and it didn't work?
Happy to review a PR improving compatibility for sure!
Summary
When running in a container from EKS and using service accounts, AWS services are not accessed with a static key/secret pair, but with temporary credentials received from STS. (keyId, secret, sessionToken)
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role-with-web-identity.html
Describe the solution you'd like
The following files will need to be updated to add x-amz-security-token to the policy document and the upload's form data:
src/Http/ViewComposers/MediasUploaderConfig.php
frontend/js/components/media-library/Uploader.vue
Additional context
Working on a branch with the changes
The text was updated successfully, but these errors were encountered: