Support IAM roles / instance profiles #63

meonkeys opened this Issue Jun 26, 2012 · 18 comments


None yet

"roles" (aka "instance profiles"?) allow, among other things, an admin to give an EC2 instance read/write access to a particular S3 bucket. On an instance with the proper roles/permissions, an s3cmd configuration file is not necessary.


also, the latest python-boto will obtain these keys automatically, or you have to manually specify the access key, secret key, and the new security token. It seems the ability to pass this token is the necessary piece of the puzzle.

for more info, see:



thughes commented Sep 28, 2012


sigil66 commented Oct 2, 2012


jonaf commented Oct 8, 2012


ijin commented Dec 2, 2012


jsmartin commented Dec 7, 2012


What's with all the lame "+1" garbage? Submit a pull request if this is important to you.

This looks trivial to implement, and there is already some API design precedent in the boto library: fall back to trying IAM roles when no credentials are in the config file. A new flag to force role authentication would probably be useful too.

+1 @jberryman proposal :)

seriously, if somebody have time and experience , this is good job for weekend.

also I am going to search or fill request for parallel s3sync.

Meanwhile I did something like balanced files tree with lot of s3sync processes inside.
In this way I am get all threads (s3sync) estimation time equal as near as possible.
Really good boost for huge amount of files downloading.

Found parallel workers request and some patches . Cool .


Wonder why it is still not in master.

astrostl commented Jan 5, 2013

"What's with all the lame "+1" garbage? Submit a pull request if this is important to you."

Users are not necessarily developers.


mdomsch commented Mar 9, 2013

It looks like this support was added in commit dc590d6
Author: David Kohen
Date: Wed Feb 13 15:57:11 2013 +0200

Add support for IAM roles and temp tokens

Refresh temp tokens on every request.
Add support for roles in S3, CloudFront and SimpleDB.
Add support for AWS_CREDENTIALS_FILE env variable and the file it references

mdomsch closed this Mar 9, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment