Warning Jobserver and all related Jobserver integrations are end of life starting October, 2024, with the exception of Public Sector customers using GovCloud or on-prem environments.
For information on the integration of S3 via Edge, go to Integrating an Amazon S3 file system via Edge.

Configure role-based Amazon S3 access control for Jobserver

When you register an Amazon S3 file system, you can authenticate to Amazon S3 based on an IAM role. As a result, you can connect to Amazon S3 without an access key ID and secret access key.

Prerequisites

  • You have access to the AWS IAM console.
  • You have access to the Amazon EC2 console.
  • You have an Amazon EC2 instance.

Steps

  1. In AWS Identity and Access Management, do the following:
    1. Create a new IAM role or select an existing IAM role.
    2. Attach the following policies to the IAM role:
      • AWSGlueServiceRole (AWS managed policy)
      • pass_role (inline policy)
        You can use the following JSON content:
        {
         "Version": "2012-10-17",
         "Statement": 
         [
          {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": "iam:PassRole",
           "Resource": "*"
          }
         ]
        }
  2. In the Amazon EC2 console, attach the IAM role to the Amazon EC2 instance.
  3. Install the Jobserver service on the Amazon EC2 instance node.
    • Linux
    • Windows

More information

If the credentials in the Amazon EC2 instance can't be used to authenticate, you can create a credentials file and save it in the user_home/.aws/ folder. The credentials file should look like this:

[default]
aws_access_key_id = <access key ID>
aws_secret_access_key = <secret access key>

For more information, see the AWS developer guide.

Warning Do not use a credentials file unless absolutely necessary.

What's next?

You can now connect to Amazon S3 via the jobserver service on the Amazon EC2 instance node.