Assume Role in multiple environments

[brianjhanson]

I have a potentially unique situation and am looking for some guidance.

In production, our Craft instance is hosted in a cluster of some kind (we don't manage it, so I'm not sure exactly how it works). This means we need to leave the Access Key ID and Secret Key ID fields blank within this plugin in order for the environment variables will be picked up.

However, in the lower environments (staging and dev) we use a separate bucket which needs the Access Key ID and Secret Key ID to have .env values.

My problem is that when I add an environment variable to the field, the field is no longer considered blank (even if the .env value doesn't exist) and therefore the environment variables aren't picked up in the higher environments when I push updates through.

Is there a recommended way to handle this? I have a feeling there are some fancy things you could do in the app.php file, but I wanted to reach out before I attempted to reverse engineer it.

[angrybrad]

Honestly, not 100% sure. Looking at https://github.com/craftcms/aws-s3/blob/main/src/Fs.php#L548-L555, I think it should work if you set things like the access and secret key from a multi-environment config. And if those are missing from the production environment, it should fall back to IAM permissions.

Haven't tested it, though.

[brianjhanson]

Thanks @angrybrad! Your pointer led me in the right direction.

It looks like the multi-environment config (via config/volumes.php) has been deprecated. Since I'm using hard mode adding that file threw a deprecation error that pointed me to the knowledge base article about dependency injection which got me to my solution.

My solution is pretty close to the code in the docs, but providing it here for future travelers.

/**
 * Within the init function of my custom module's main PHP class
 */

// Using `in_array` because we actually have multiple environments to override
 if (in_array(Craft::$app->env, ['dev'])) {
          Craft::$container->set(Volume::class, function($container, $params, $config) {
             if (empty($config['id'])) {
                  return new Volume($config);
              }

              return new Volume(array_merge($config, [
                  'keyId' => '$S3_ACCESS_KEY_ID',
                  'secret' => '$S3_SECRET_ACCESS_KEY'
              ]));
          });
      }
}