feat(providers): add AWS IAM as a credential provider for s3 storage (#2213) (#2222)

* add AWS IAM as a credential provider for s3 storage * Update s3_storage.go Co-authored-by: Jarek Kowalski <jaak@jkowalski.net> Co-authored-by: Sidhartha Mani <wlan0@users.noreply.github.com>
2026-05-18 11:44:36 -04:00 · 2022-07-23 08:23:13 -07:00
parent 31c5bd94bc
commit 0e62d64576
1 changed files with 20 additions and 1 deletions
--- a/repo/blob/s3/s3_storage.go
+++ b/repo/blob/s3/s3_storage.go
@@ -316,7 +316,26 @@ func New(ctx context.Context, opt *Options) (blob.Storage, error) {
 }

 func newStorage(ctx context.Context, opt *Options) (*s3Storage, error) {
-	return newStorageWithCredentials(ctx, credentials.NewStaticV4(opt.AccessKeyID, opt.SecretAccessKey, opt.SessionToken), opt)
+	creds := credentials.NewChainCredentials(
+		[]credentials.Provider{
+			&credentials.Static{
+				Value: credentials.Value{
+					AccessKeyID:     opt.AccessKeyID,
+					SecretAccessKey: opt.SecretAccessKey,
+					SessionToken:    opt.SessionToken,
+					SignerType:      credentials.SignatureV4,
+				},
+			},
+			&credentials.EnvAWS{},
+			&credentials.IAM{
+				Client: &http.Client{
+					Transport: http.DefaultTransport,
+				},
+			},
+		},
+	)
+
+	return newStorageWithCredentials(ctx, creds, opt)
 }

 func newStorageWithCredentials(ctx context.Context, creds *credentials.Credentials, opt *Options) (*s3Storage, error) {