Hi Alex,

S3QL cannot handle STS generated temporary credentials. If I understand
https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
correctly they would only allow you to mount the file system for a
maximum of 12 hours. There might be use cases where that's enough
(which?). I do not think that support for temporary credentials will get
into S3QL without handling the token expiration gracefully (how?).
Besides this roadblock: If you want this feature, you probably need to
find someone (maybe yourself) who implements it (see
https://github.com/s3ql/s3ql/issues/265#issuecomment-1004689564 )

Implementing basic support for the x-amz-security-token shouldn't be
that hard if you have some Python knowledge. It's basically changing one
line and adding two new lines of code:

  * Add a new backend option for the security token
    https://github.com/s3ql/s3ql/blob/19493c29990e849ebaa261cb0549bbda4d7819ab/src/s3ql/backends/s3.py#L39
  * Optionally use this backend option to add the x-amz-security-token
    header in
    https://github.com/s3ql/s3ql/blob/19493c29990e849ebaa261cb0549bbda4d7819ab/src/s3ql/backends/s3.py#L166-L229
    (see
    https://github.com/s3ql/s3ql/blob/19493c29990e849ebaa261cb0549bbda4d7819ab/src/s3ql/backends/s3.py#L88-L89
    for how to access the backend options in this method)
  * Document the new backend option in this file
    https://github.com/s3ql/s3ql/blob/master/rst/backends.rst#amazon-s3

That's the easy part, the hard part would be to gracefully handle the
token expiration.

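The header change described in the message above, as an added stand-alone sketch that is not part of the original e-mail and is not S3QL code: a SigV4 signer that adds x-amz-security-token before the headers are canonicalised, so the token is covered by the signature. The function name, its parameters and the sample values are assumptions; the expiry check only fails fast and does not refresh credentials.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_s3_request(method, host, path, region, access_key, secret_key,
                    session_token=None, expiration=None, payload=b"", now=None):
    """Build SigV4 headers for an S3 request without a query string.
    `path` must already be URI-encoded. Hypothetical helper, not S3QL code."""
    now = now or datetime.now(timezone.utc)
    if expiration is not None and now >= expiration:
        # Fail locally with a clear error instead of sending a request
        # that S3 would reject because the token has expired.
        raise PermissionError("temporary credentials expired at %s" % expiration)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    datestamp = amz_date[:8]
    payload_hash = hashlib.sha256(payload).hexdigest()
    headers = {"host": host, "x-amz-content-sha256": payload_hash,
               "x-amz-date": amz_date}
    if session_token:
        # STS credentials: the token travels in this header and, because it
        # is added before canonicalisation, it is part of the signed headers.
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)
    canonical_headers = "".join("%s:%s\n" % (n, headers[n].strip()) for n in names)
    signed_headers = ";".join(names)
    canonical_request = "\n".join(
        [method, path, "", canonical_headers, signed_headers, payload_hash])
    scope = "%s/%s/s3/aws4_request" % (datestamp, region)
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope,
         hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = _hmac(("AWS4" + secret_key).encode(), datestamp)
    for part in (region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        "AWS4-HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%s"
        % (access_key, scope, signed_headers, signature))
    return headers

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    hdrs = sign_s3_request("GET", "examplebucket.s3.amazonaws.com", "/test.txt",
                           "us-east-1", "AKIDEXAMPLE", "constructed-secret",
                           session_token="constructed-token",
                           expiration=datetime.now(timezone.utc) + timedelta(hours=1))
    print(hdrs["authorization"])
```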