Skip to content


support fog's new use_iam_profile option #203

wants to merge 1 commit into from

3 participants


EC2 recently gained the option for credentials to be fetched from the instance metadata service rather than embedding them in a credentials file. This patch allows dragonfly to do this (via fog's support for this - currently on master but unreleased)


This has been part of the recent releases of fog - it would be great if dragonfly was able to use it. Perhaps it would be better to make it so that dragonfly is less tightly coupled to fog? Instead of the current setup users could pass a hash of options that would be passed through verbatim to fog


hi - sorry for the massively late response on the original request - I agree - passing through options verbatim simplifies things a bit. I'll merge this in soon, though FYI I will also at some point move S3, Mongo and Couch datastores out of core and into their own self-contained gems
thanks again


That sounds like a great plan


Just wanted to pop in here and give a +1 on this. In the process of setting up the CloudFormation infrastructure for an app that will use DragonFly and IAM Instance Profiles are very attractive for credential management.

Thank to both of you for working on this, can' wait to see it merged.


sorry again for the delay - I've merged via a cherry-pick in master (still plan to separate out into a separate gem though!)

@markevans markevans closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jun 24, 2012
  1. @fcheung
Showing with 22 additions and 5 deletions.
  1. +12 −5 lib/dragonfly/data_storage/s3data_store.rb
  2. +10 −0 spec/dragonfly/data_storage/s3_data_store_spec.rb
17 lib/dragonfly/data_storage/s3data_store.rb
@@ -12,6 +12,7 @@ class S3DataStore
configurable_attr :access_key_id
configurable_attr :secret_access_key
configurable_attr :region
+ configurable_attr :use_iam_profile
configurable_attr :use_filesystem, true
configurable_attr :storage_headers, {'x-amz-acl' => 'public-read'}
configurable_attr :url_scheme, 'http'
@@ -33,6 +34,7 @@ def initialize(opts={})
self.access_key_id = opts[:access_key_id]
self.secret_access_key = opts[:secret_access_key]
self.region = opts[:region]
+ self.use_iam_profile = opts[:use_iam_profile]
def store(temp_object, opts={})
@@ -96,12 +98,13 @@ def domain
def storage
@storage ||= begin
- storage =
+ storage ={
:provider => 'AWS',
:aws_access_key_id => access_key_id,
:aws_secret_access_key => secret_access_key,
- :region => region
- )
+ :region => region,
+ :use_iam_profile => use_iam_profile
+ }.reject {|name, option| option.nil?})
@@ -118,8 +121,12 @@ def bucket_exists?
def ensure_configured
unless @configured
- [:bucket_name, :access_key_id, :secret_access_key].each do |attr|
- raise NotConfigured, "You need to configure #{} with #{attr}" if send(attr).nil?
+ if use_iam_profile
+ raise NotConfigured, "You need to configure #{} with #{attr}" if bucket_name.nil?
+ else
+ [:bucket_name, :access_key_id, :secret_access_key].each do |attr|
+ raise NotConfigured, "You need to configure #{} with #{attr}" if send(attr).nil?
+ end
@configured = true
10 spec/dragonfly/data_storage/s3_data_store_spec.rb
@@ -176,6 +176,16 @@
@data_store.secret_access_key = nil
proc{ @data_store.retrieve('asdf') }.should raise_error(Dragonfly::Configurable::NotConfigured)
+ if !enabled #this will fail since the specs are not running on an ec2 instance with an iam role defined
+ it 'should allow missing secret key and access key on store if iam profiles are allowed' do
+ @data_store.use_iam_profile = true
+ @data_store.secret_access_key = nil
+ @data_store.access_key_id = nil
+ proc{ }.should_not raise_error(Dragonfly::Configurable::NotConfigured)
+ end
+ end
describe "autocreating the bucket" do
Something went wrong with that request. Please try again.