From b3b285a4637fcd1f80ff49db15fc1136dee41af7 Mon Sep 17 00:00:00 2001
From: aportillo83 <72951744+aportillo83@users.noreply.github.com>
Date: Wed, 8 Jan 2025 11:54:10 -0600
Subject: [PATCH] Update AWS S3 Extension to allow for use of credential chain. (#969)
## Motivation and Context (Why the change? What's the scenario?)
Allow the use of [instance metadata](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) for authentication and the proper use of [credential chain](https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html).
## High level description (Approach, Design)
Added AWS S3 Extension CredentialChain authentication method to use default credentials
---------
Co-authored-by: Armando Portill
Co-authored-by: Devis Lucato
Co-authored-by: Devis Lucato
---
 extensions/AWS/S3/AWSS3Config.cs | 18 +++++++++++-------
 extensions/AWS/S3/AWSS3Storage.cs | 11 ++++++++++-
 service/Service/appsettings.json | 1 +
 3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/extensions/AWS/S3/AWSS3Config.cs b/extensions/AWS/S3/AWSS3Config.cs
index 65c15a6e5..6c3b4e320 100644
--- a/extensions/AWS/S3/AWSS3Config.cs
+++ b/extensions/AWS/S3/AWSS3Config.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft. All rights reserved.
+// Copyright (c) Microsoft. All rights reserved.
 using System.Text.Json.Serialization;
@@ -13,6 +13,7 @@ public enum AuthTypes
 {
 Unknown = -1,
 AccessKey,
+ CredentialChain,
 }
 public AuthTypes Auth { get; set; } = AuthTypes.Unknown;
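Review bot: The new `CredentialChain` member of `AuthTypes` has no doc comment, so a reader of the config class cannot tell which credential sources it enables or that the static key settings stop applying. I would add `/// <summary>Use the AWS SDK default credential provider chain; AccessKey and SecretAccessKey are not used.</summary>` above it. Because the effective identity then depends on the host environment, the comment could also say that whichever source the SDK resolves first is the one used. The enum declaration starts outside the hunk.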
@@ -45,14 +46,17 @@ public void Validate()
 throw new ConfigurationException($"Authentication type '{this.Auth}' undefined or not supported");
 }
- if (string.IsNullOrWhiteSpace(this.AccessKey))
+ if (this.Auth == AuthTypes.AccessKey)
 {
- throw new ConfigurationException("S3 Access Key is undefined");
- }
+ if (string.IsNullOrWhiteSpace(this.AccessKey))
+ {
+ throw new ConfigurationException("S3 Access Key is undefined");
+ }
- if (string.IsNullOrWhiteSpace(this.SecretAccessKey))
- {
- throw new ConfigurationException("S3 Secret Key Access undefined");
+ if (string.IsNullOrWhiteSpace(this.SecretAccessKey))
+ {
+ throw new ConfigurationException("S3 Secret Key Access undefined");
+ }
 }
 if (string.IsNullOrWhiteSpace(this.BucketName))
diff --git a/extensions/AWS/S3/AWSS3Storage.cs b/extensions/AWS/S3/AWSS3Storage.cs
index 1c54d6b95..06b356249 100644
--- a/extensions/AWS/S3/AWSS3Storage.cs
+++ b/extensions/AWS/S3/AWSS3Storage.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft. All rights reserved.
+// Copyright (c) Microsoft. All rights reserved.
 using System;
 using System.Collections.Generic;
@@ -43,6 +43,15 @@ public AWSS3Storage(
 );
 break;
 }
+ case AWSS3Config.AuthTypes.CredentialChain:
+ {
+ this._client = new AmazonS3Client(new AmazonS3Config
+ {
+ ServiceURL = config.Endpoint,
+ LogResponse = true
+ });
+ break;
+ }
 default:
 this._log.LogCritical("Authentication type '{0}' undefined or not supported", config.Auth);
diff --git a/service/Service/appsettings.json b/service/Service/appsettings.json
index 5519ff8d2..aa1970bef 100644
--- a/service/Service/appsettings.json
+++ b/service/Service/appsettings.json
@@ -242,6 +242,7 @@
 "HttpClientName": ""
 },
 "AWSS3": {
+ // "AccessKey" or "CredentialChain". For other options see .
 "Auth": "AccessKey",
 // AccessKey ID, required when using AccessKey auth
 // Note: you can use an env var 'KernelMemory__Services__AWSS3__AccessKey' to set this
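Review bot: When `Auth` is `CredentialChain`, `Validate()` now accepts a configuration that still carries `AccessKey` and `SecretAccessKey`, and those values are silently ignored. A deployment that moves to the chain can therefore keep a long-lived static key in its settings or environment without any signal that it is no longer needed. Consider flagging that combination next to the new `if (this.Auth == AuthTypes.AccessKey)` block, for example `if (this.Auth == AuthTypes.CredentialChain && !string.IsNullOrWhiteSpace(this.SecretAccessKey)) { throw new ConfigurationException("S3 Secret Access Key must not be set when using CredentialChain auth"); }`, or at least document that the keys are unused in that mode. `Validate()` begins and ends outside the hunk, so the condition guarding the first `throw` is not visible here.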
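Review bot: `LogResponse = true` in the new `CredentialChain` case asks the AWS SDK to log service responses, which for an S3 client can include object content once SDK logging is switched on. Unless that is intended for this storage backend, I would drop the `LogResponse = true` line or bind it to a setting; the preceding case may set the same flag, but only its closing `);` is visible in the hunk. Separately, the client now uses whatever identity the SDK's default chain resolves on the host, so a line such as `this._log.LogInformation("AWS S3: using the default credential chain");` before `break;` would help when auditing which auth mode is active. The constructor starts and ends outside the hunk.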