Warning Jobserver and all related Jobserver integrations are end of life starting October, 2024, with the exception of Public Sector customers using GovCloud or on-prem environments.
For information on the integration of S3 via Edge, go to Integrating an Amazon S3 file system via Edge.

Configure role-based Amazon S3 access control for Jobserver

When you register an Amazon S3 file system, you can authenticate to Amazon S3 based on an IAM role. As a result, you can connect to Amazon S3 without an access key ID and secret access key.

Prerequisites

  • You have access to the AWS IAM console.
  • You have access to the Amazon EC2 console.
  • You have an Amazon EC2 instance.

Steps

  1. In AWS Identity and Access Management, do the following:
    1. Create a new IAM role or select an existing IAM role.
    2. Attach the following policies to the IAM role:
      • AWSGlueServiceRole (AWS managed policy)
      • pass_role (inline policy)
        You can use the following JSON content:
        {
         "Version": "2012-10-17",
         "Statement": 
         [
          {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": "iam:PassRole",
           "Resource": "*"
          }
         ]
        }
  2. In the Amazon EC2 console, attach the IAM role to the Amazon EC2 instance.
  3. Install the Jobserver service on the Amazon EC2 instance node.

More information

If the credentials in the Amazon EC2 instance can't be used to authenticate, you can create a credentials file and save it in the user_home/.aws/ folder. The credentials file should look like this:

[default]
aws_access_key_id = <access key ID>
aws_secret_access_key = <secret access key>

For more information, see the AWS developer guide.

Warning Do not use a credentials file unless absolutely necessary.

What's next?

You can now connect to Amazon S3 via the jobserver service on the Amazon EC2 instance node.