Forcing AWS_ACCESS_KEY_ID to set up S3 prevents using IAM roles for ServiceAccount on AWS EKS

Hi everyone,

I’ve been trying to setup the S3 integration for Baserow on an AWS EKS cluster.

I’m using IAM Roles for ServiceAccounts which works out of the box for almost every chart I use.

However I can’t get it to work for baserow because of the way S3 storage is enabled.

Apparently S3 storage is enabled only in presence of the AWS_ACCESS_KEY_ID environment variable.

Am I missing something? It seems to me that as of now, it is impossible to make it work with ServiceAccounts.

Thank you.

Hi @brkng, I’m not that familiar with IAM roles for ServiceAccounts in AWS, but you’re correct about AWS_ACCESS_KEY_ID needing to be set in order to activate the S3 integration.

We’re using this library Amazon S3 — django-storages 1.14.2 documentation for S3. I’m happy to make the activation of it more flexible by, for example, introducing an AWS_STORAGE_ENABLED environment variable to force the activation without providing the AWS_ACCESS_KEY_ID env var, but I’m not sure if the library we’re using is compatible with IAM roles for ServiceAccounts.

Thank you for replying quickly!

Boto3 should be compatible with ServiceAccounts, I think that’s what django-storages might be using, but I’m a bit out of my depth here.

If you can provide a build where only AWS_STORAGE_ENABLED is used to activate S3, I think it should work out of the box. It would be great!