From 2a00c383bbad9b1d12bdc3f5158847dd184228cf Mon Sep 17 00:00:00 2001
From: Alan Bates <alan.bates@sapient.com>
Date: Fri, 4 May 2018 16:22:15 +0100
Subject: [PATCH 1/2] Make supplying an AWS access key and secret optional to
 support using IAM roles (addresses #9098)

---
 packages/rocketchat-file-upload/server/config/AmazonS3.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/rocketchat-file-upload/server/config/AmazonS3.js b/packages/rocketchat-file-upload/server/config/AmazonS3.js
index 571d59246510..7387637c414f 100644
--- a/packages/rocketchat-file-upload/server/config/AmazonS3.js
+++ b/packages/rocketchat-file-upload/server/config/AmazonS3.js
@@ -69,7 +69,7 @@ const configure = _.debounce(function() {
 	// const CDN = RocketChat.settings.get('FileUpload_S3_CDN');
 	const BucketURL = RocketChat.settings.get('FileUpload_S3_BucketURL');
 
-	if (!Bucket || !AWSAccessKeyId || !AWSSecretAccessKey) {
+	if (!Bucket) {
 		return;
 	}
 

From 2f5cc798b8de857de74182f6bc1e9e809b1e89f2 Mon Sep 17 00:00:00 2001
From: Alan Bates <alan.bates@sapient.com>
Date: Wed, 9 May 2018 13:56:43 +0100
Subject: [PATCH 2/2] - Make setting AWS credentials conditional

---
 .../rocketchat-file-upload/server/config/AmazonS3.js   | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/packages/rocketchat-file-upload/server/config/AmazonS3.js b/packages/rocketchat-file-upload/server/config/AmazonS3.js
index 7387637c414f..04026ddd7da2 100644
--- a/packages/rocketchat-file-upload/server/config/AmazonS3.js
+++ b/packages/rocketchat-file-upload/server/config/AmazonS3.js
@@ -75,8 +75,6 @@ const configure = _.debounce(function() {
 
 	const config = {
 		connection: {
-			accessKeyId: AWSAccessKeyId,
-			secretAccessKey: AWSSecretAccessKey,
 			signatureVersion: SignatureVersion,
 			s3ForcePathStyle: ForcePathStyle,
 			params: {
@@ -88,6 +86,14 @@ const configure = _.debounce(function() {
 		URLExpiryTimeSpan
 	};
 
+	if (AWSAccessKeyId) {
+		config.connection.accessKeyId = AWSAccessKeyId;
+	}
+
+	if (AWSSecretAccessKey) {
+		config.connection.secretAccessKey = AWSSecretAccessKey;
+	}
+
 	if (BucketURL) {
 		config.connection.endpoint = BucketURL;
 	}