To configure IAM authentication, the Secure Agent needs to run on an Amazon Elastic Compute Cloud (EC2) system. If you prefer not to specify the keys or use the IAM role ARN, then assign the minimum policy to the EC2 with access to the S3 bucket.
When you use a serverless runtime environment, you cannot configure IAM authentication.
If you do not provide the access key and the secret key in the connection, Amazon S3 V2 Connector uses AWS credentials provider chain that looks for credentials in the following order:
The
AWS_ACCESS_KEY_ID
and
AWS_SECRET_ACCESS_KEY
or
AWS_ACCESS_KEY
and
AWS_SECRET_KEY
environment variables.
The
aws.accessKeyId
and
aws.secretKey
java system properties.
The credential profiles file at the default location,
~/.aws/credentials
.
The instance profile credentials delivered through the Amazon EC2 metadata service.
Perform the following steps to configure IAM authentication on EC2:
Create a minimal Amazon IAM policy.
Create the Amazon EC2 role. The Amazon EC2 role is used when you create an EC2 system. For more information about creating the Amazon EC2 role, see the AWS documentation.
Link the minimal Amazon IAM policy with the Amazon EC2 role.
Create an EC2 instance. Assign the Amazon EC2 role that you created in step 2 to the EC2 instance.