You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I wanted to access an Amazon S3 instance within a Docker container with an IAM role (assigned to the EC2 instance).
There seems to be a problem with the example code here, which does not work with current version 6.0.2.
The MinioClient cannot be created with this example, because there's an if-condition inside the Build() method which checks on any assigned providers (e.g. the used IAMAWSProvider) in combination with a SessionToken.
And here lies my problem, because there's no SessionToken available, yet and this always results (at least for me) to the error message "User Access Credentials Provider not initialized correctly.". The MinioClient (with the use of WithCredentialsProvider(provider)) has to be build first and then assigned to the created IAMAWSProvider instance via WithMinioClient(minio).
However, I was able to establish access to the S3 instance with the following code (the example code is certainly be better to use):
Due to the problem mentioned above, the provider can only be assigned after the MinioClient has been built. I find the unnecessary calling of the "WithCredentials" method unpleasant, but without it you get an error that the user credentials (which we don't need here anyway) have not been initialized.
You should at least adjust the example code to a working example. Looking forward to a proper fix of this problem :)
The text was updated successfully, but these errors were encountered:
Well, I investigated this further. This change might fix the usage error, so you can now use the IAMAWSProvider as intended, but it was still not working properly for me. I couldn't download files via PresignedObjectUrls from it, the browser shows them as damaged or invalid files.
I've changed my logic to retrieve the SessionToken and Credentials manually from S3 SLS Endpoints and then initialized the MinioClient with it. Now downloads work. The current logic inside IAMAWSProvider should be checked.
Currently this is working for me:
// retrieves required credentials and sessionToken from SLS Endpointsvars3Token=await _tokenProvider.GetS3AccessTokenAsync();
minioClient.WithCredentials(s3Token.AccessKeyId, s3Token.SecretAccessKey).WithSessionToken(s3Token.Token).WithRegion(bucket.Region);// for me it's "eu-central-1"
Inside the GetS3AccessTokenAsync helper method I request a token from http://169.254.169.254/latest/api/token with the default X-aws-ec2-metadata-token-ttl-seconds header (21600) and then use this token to get the credentials from http://169.254.169.254/latest/meta-data/iam/security-credentials/<iam-role-name-here> (replace "<iam-role-name-here>" with actual role name) using the previously requested token inside the X-aws-ec2-metadata-token header.
I wanted to access an Amazon S3 instance within a Docker container with an IAM role (assigned to the EC2 instance).
There seems to be a problem with the example code here, which does not work with current version 6.0.2.
The MinioClient cannot be created with this example, because there's an if-condition inside the Build() method which checks on any assigned providers (e.g. the used IAMAWSProvider) in combination with a SessionToken.
And here lies my problem, because there's no SessionToken available, yet and this always results (at least for me) to the error message "User Access Credentials Provider not initialized correctly.". The MinioClient (with the use of
WithCredentialsProvider(provider)
) has to be build first and then assigned to the created IAMAWSProvider instance viaWithMinioClient(minio)
.However, I was able to establish access to the S3 instance with the following code (the example code is certainly be better to use):
Due to the problem mentioned above, the provider can only be assigned after the MinioClient has been built. I find the unnecessary calling of the "WithCredentials" method unpleasant, but without it you get an error that the user credentials (which we don't need here anyway) have not been initialized.
You should at least adjust the example code to a working example. Looking forward to a proper fix of this problem :)
The text was updated successfully, but these errors were encountered: