Use security-credentials endpoint for authentication?

[dshawth]

Is it possible to use the ephemeral/short-lived credentials provided by the AWS IAM role security credentials endpoint as a form of authentication for s3-proxy?

It would likely require tracking the expiration of the token and requesting a new one when it expires.

Ref: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

It if is not possible currently, is it a feature you would consider developing and including in this project?

[oxyno-zeta]

Hello,

I'm afraid that this isn't possible for the moment and not planned too I'm sorry.

In S3-Proxy, static credentials aren't mandatory. That allows to use IAM roles on machines or interceptors like kube2iam.
Maybe a project like this one can help you in this particular situation ?

I'm not saying this won't arrive in the future. Maybe yes.

I hope this answer will help you. Feel free to tell me your opinion.

Regards,