Warning Jobserver and all related Jobserver integrations are end of life starting October, 2024, with the exception of Public Sector customers using GovCloud or on-prem environments.
For information on the integration of S3 via Edge, go to Integrating an Amazon S3 file system via Edge.

Configure role-based Amazon S3 access control for Jobserver

When you register an Amazon S3 file system, you can authenticate to Amazon S3 based on an IAM role. As a result, you can connect to Amazon S3 without an access key ID and secret access key.

Prerequisites

• You have access to the AWS IAM console.
• You have access to the Amazon EC2 console.
• You have an Amazon EC2 instance.

Steps

1. In AWS Identity and Access Management, do the following:
   1. Create a new IAM role or select an existing IAM role.
   2. Attach the following policies to the IAM role:
   • AWSGlueServiceRole (AWS managed policy)
   • pass_role (inline policy)
     You can use the following JSON content:

     {
      "Version": "2012-10-17",
      "Statement": 
      [
       {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": "iam:PassRole",
        "Resource": "*"
       }
      ]
     }

2. In the Amazon EC2 console, attach the IAM role to the Amazon EC2 instance.
3. Install the Jobserver service on the Amazon EC2 instance node.
   • Linux
   • Windows

More information

If the credentials in the Amazon EC2 instance can't be used to authenticate, you can create a credentials file and save it in the user_home/.aws/ folder. The credentials file should look like this:

[default]
aws_access_key_id = <access key ID>
aws_secret_access_key = <secret access key>

For more information, see the AWS developer guide.

Warning Do not use a credentials file unless absolutely necessary.

What's next?

You can now connect to Amazon S3 via the jobserver service on the Amazon EC2 instance node.