From 0e62d64576d58c653bc79b709c4a8ad071e701bb Mon Sep 17 00:00:00 2001
From: Jarek Kowalski <jaak@jkowalski.net>
Date: Sat, 23 Jul 2022 08:23:13 -0700
Subject: [PATCH] feat(providers): add AWS IAM as a credential provider for s3
 storage (#2213) (#2222)

* add AWS IAM as a credential provider for s3 storage

* Update s3_storage.go

Co-authored-by: Jarek Kowalski <jaak@jkowalski.net>

Co-authored-by: Sidhartha Mani <wlan0@users.noreply.github.com>
---
 repo/blob/s3/s3_storage.go | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/repo/blob/s3/s3_storage.go b/repo/blob/s3/s3_storage.go
index c5e1176cd..57de97ad3 100644
--- a/repo/blob/s3/s3_storage.go
+++ b/repo/blob/s3/s3_storage.go
@@ -316,7 +316,26 @@ func New(ctx context.Context, opt *Options) (blob.Storage, error) {
 }
 
 func newStorage(ctx context.Context, opt *Options) (*s3Storage, error) {
-	return newStorageWithCredentials(ctx, credentials.NewStaticV4(opt.AccessKeyID, opt.SecretAccessKey, opt.SessionToken), opt)
+	creds := credentials.NewChainCredentials(
+		[]credentials.Provider{
+			&credentials.Static{
+				Value: credentials.Value{
+					AccessKeyID:     opt.AccessKeyID,
+					SecretAccessKey: opt.SecretAccessKey,
+					SessionToken:    opt.SessionToken,
+					SignerType:      credentials.SignatureV4,
+				},
+			},
+			&credentials.EnvAWS{},
+			&credentials.IAM{
+				Client: &http.Client{
+					Transport: http.DefaultTransport,
+				},
+			},
+		},
+	)
+
+	return newStorageWithCredentials(ctx, creds, opt)
 }
 
 func newStorageWithCredentials(ctx context.Context, creds *credentials.Credentials, opt *Options) (*s3Storage, error) {