airbytehq · marcosmarxm · Jan 14, 2022 · Jan 10, 2022 · Jan 10, 2022 · Jan 10, 2022
@@ -8,6 +8,7 @@ As a community contributor, you will need access to AWS to run the integration t
 
 - Create an S3 bucket for testing.
 - Get your `access_key_id` and `secret_access_key` that can read and write to the above bucket.
+- if you leave `access_key_id` and `secret_access_key` in blank, the authentication will rely on the instance profile authentication
 - Paste the bucket and key information into the config files under [`./sample_secrets`](./sample_secrets).
 - Rename the directory from `sample_secrets` to `secrets`.
 - Feel free to modify the config files with different settings in the acceptance test file (e.g. `S3CsvDestinationAcceptanceTest.java`, method `getFormatConfig`), as long as they follow the schema defined in [spec.json](src/main/resources/spec.json).

@@ -4,6 +4,7 @@
 
 package io.airbyte.integrations.destination.s3;
 
+import com.amazonaws.auth.InstanceProfileCredentialsProvider;
 import com.amazonaws.ClientConfiguration;
 import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.AWSStaticCredentialsProvider;
@@ -87,8 +88,8 @@ public static S3DestinationConfig getS3DestinationConfig(final JsonNode config)
         config.get("s3_bucket_name").asText(),
         bucketPath,
         config.get("s3_bucket_region").asText(),
-        config.get("access_key_id").asText(),
-        config.get("secret_access_key").asText(),
+        config.get("access_key_id") == null ? "" : config.get("access_key_id").asText(),
+        config.get("secret_access_key") == null ? "" : config.get("secret_access_key").asText(),
         partSize,
         format);
   }
@@ -128,7 +129,13 @@ public S3FormatConfig getFormatConfig() {
   public AmazonS3 getS3Client() {
     final AWSCredentials awsCreds = new BasicAWSCredentials(accessKeyId, secretAccessKey);
 
-    if (endpoint == null || endpoint.isEmpty()) {
+    if (accessKeyId == null && secretAccessKey == null || accessKeyId.isEmpty() && secretAccessKey.isEmpty()) {
+      return AmazonS3ClientBuilder.standard()
+      .withCredentials(new InstanceProfileCredentialsProvider(false))
+      .build();
+    } 
+
+    else if (endpoint == null || endpoint.isEmpty()) {
       return AmazonS3ClientBuilder.standard()
           .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
           .withRegion(bucketRegion)

@@ -12,8 +12,6 @@
       "s3_bucket_name",
       "s3_bucket_path",
       "s3_bucket_region",
-      "access_key_id",
-      "secret_access_key",
       "format"
     ],
     "additionalProperties": false,
@@ -72,7 +70,7 @@
       },
       "access_key_id": {
         "type": "string",
-        "description": "The access key id to access the S3 bucket. Airbyte requires Read and Write permissions to the given bucket.",
+        "description": "The access key id to access the S3 bucket. Airbyte requires Read and Write permissions to the given bucket, if not set, Airbyte will rely on Instance Profile",
         "title": "S3 Key Id",
         "airbyte_secret": true,
         "examples": ["A012345678910EXAMPLE"]

diff --git a/docs/integrations/destinations/s3.md b/docs/integrations/destinations/s3.md
@@ -223,6 +223,7 @@ Under the hood, an Airbyte data stream in Json schema is first converted to an A
 
 | Version | Date | Pull Request | Subject |
 | :--- | :--- | :--- | :--- |
+| 0.2.3 | 2022-01-10 | [\#9399](https://github.com/airbytehq/airbyte/pull/9399) | Use instance profile authentication if credentials are not provided |
 | 0.2.2 | 2021-12-21 | [\#8574](https://github.com/airbytehq/airbyte/pull/8574) | Added namespace to Avro and Parquet record types |
 | 0.2.1 | 2021-12-20 | [\#8974](https://github.com/airbytehq/airbyte/pull/8974) | Release a new version to ensure there is no excessive logging. |
 | 0.2.0 | 2021-12-15 | [\#8607](https://github.com/airbytehq/airbyte/pull/8607) | Change the output filename for CSV files - it's now `bucketPath/namespace/streamName/timestamp_epochMillis_randomUuid.csv` |