Allow full use of the AWS S3 SDK authentication options (#32270)

If an explicit AWS key pair and/or region is not provided in config/storage.yml, attempt to use environment variables, shared credentials, or IAM role credentials. Order of precedence is determined by the AWS SDK[1]. [1]: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html
rails · Mar 19, 2018 · c160000 · c160000
1 parent db8cce2
commit c160000
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 3 deletions.
diff --git a/activestorage/CHANGELOG.md b/activestorage/CHANGELOG.md
@@ -1,3 +1,11 @@
+*   Allow full use of the AWS S3 SDK options for authentication. If an
+    explicit AWS key pair and/or region is not provided in  `storage.yml`, 
+    attempt to use environment variables, shared credentials, or IAM 
+    (instance or task) role credentials. Order of precedence is determined 
+    by the [AWS SDK](https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html).
+
+    *Brian Knight*
+
 *   Rails 6 requires Ruby 2.4.1 or newer.
 
     *Jeremy Daer*

diff --git a/activestorage/lib/active_storage/service/s3_service.rb b/activestorage/lib/active_storage/service/s3_service.rb
@@ -9,8 +9,8 @@ module ActiveStorage
   class Service::S3Service < Service
     attr_reader :client, :bucket, :upload_options
 
-    def initialize(access_key_id:, secret_access_key:, region:, bucket:, upload: {}, **options)
-      @client = Aws::S3::Resource.new(access_key_id: access_key_id, secret_access_key: secret_access_key, region: region, **options)
+    def initialize(bucket:, upload: {}, **options)
+      @client = Aws::S3::Resource.new(**options)
       @bucket = @client.bucket(bucket)
 
       @upload_options = upload

diff --git a/activestorage/test/service/s3_service_test.rb b/activestorage/test/service/s3_service_test.rb
@@ -3,7 +3,7 @@
 require "service/shared_service_tests"
 require "net/http"
 
-if SERVICE_CONFIGURATIONS[:s3] && SERVICE_CONFIGURATIONS[:s3][:access_key_id].present?
+if SERVICE_CONFIGURATIONS[:s3]
   class ActiveStorage::Service::S3ServiceTest < ActiveSupport::TestCase
     SERVICE = ActiveStorage::Service.configure(:s3, SERVICE_CONFIGURATIONS)
 

diff --git a/guides/source/active_storage_overview.md b/guides/source/active_storage_overview.md
@@ -114,6 +114,13 @@ gem "aws-sdk-s3", require: false
 
 NOTE: The core features of Active Storage require the following permissions: `s3:ListBucket`, `s3:PutObject`, `s3:GetObject`, and `s3:DeleteObject`. If you have additional upload options configured such as setting ACLs then additional permissions may be required.
 
+NOTE: If you want to use environment variables, standard SDK configuration files, profiles,
+IAM instance profiles or task roles, you can omit the `access_key_id`, `secret_access_key`,
+and `region` keys in the example above. The Amazon S3 Service supports all of the
+authentication options described in the [AWS SDK documentation]
+(https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html).
+
+
 ### Microsoft Azure Storage Service
 
 Declare an Azure Storage service in `config/storage.yml`: