Feature Request: Use AWS IAM Role to access S3 buckets about docker-nginx-fpm-alpine HOT 8 CLOSED

There probably is - surely you can extract that using your config management of choice and inject it into the containers conf.php. Unfortunately I don't think any of the maintainers has any AWS or knowledge on the subject, so I'd recommend looking for further details answer in the AWS customers forums or helpdesk. There may be mechanisms for the AWS PHP SDK to pick this up from environment variables, if the right ones get passed through to the container, but I'm no expert on that subject either.

from docker-nginx-fpm-alpine.

We have just released PrivateBin 1.5.2 which includes a feature that should let the AWS SDK use the default credentials provider chain, which will look for credentials in a few places automatically, including environment variables or instance roles, if the credentials are not set in the configuration file. For details on these credential options, see the SDK's documentation on the default credentials provider chain. Please let us know if this covers your use case.

from docker-nginx-fpm-alpine.

Hey @elrido, I had the same issue trying the new image today, as we chat at the time, there are some missing env vars to be made available to php-fpm, I'm opening a PR with a possible fix so you can review it.

from docker-nginx-fpm-alpine.

Hi @guohaolee, if you see #158, @elrido mentioned there's a new Docker image available with tag 1.5.2-alpine3.18.2-aws-env with a fix to allow IAM roles to be used with the Docker image. You should be able to deploy it using IAM roles now.

from docker-nginx-fpm-alpine.

Thanks @fenak ! I have tested it and it's working now!

Are we going to standardise the tag in future with the current S3 tags?

from docker-nginx-fpm-alpine.

@guohaolee I'm not involved with the project, just contributed with the feature, but from what I can see here on https://hub.docker.com/r/privatebin/nginx-fpm-alpine/tags the 1.5.2 got updated, it has the same hashes as 1.5.2-alpine3.18.2-aws-env. So, if you haven't pulled the images yet, or you can force the images to be pulled again in case the old ones are cached on your instance, you should be able to use 1.5.2. As this is fixed now, any future release should be fine, wouldn't need a specific tag to work with the AWS stuff.

from docker-nginx-fpm-alpine.

@guohaolee Just confirming that fenak is correct. The tagging scheme used is documented at https://github.com/PrivateBin/docker-nginx-fpm-alpine#image-tags

In a nutshell, 1.5.2-... is the immutable tag for that specific change and whenever one is produced (usually when the alpine base image gets updated) 1.5.2 (and "stable") gets re-tagged to that latest image.

Some users prefer to use the immutable tags to ensure they can track what got deployed, others prefer to use "stable" and have a mechanism that refreshes these when new ones get pushed. We hope this accommodates either use case.

from docker-nginx-fpm-alpine.

@fenak @elrido Thanks for the update.

It works fine with the 1.5.2 tags!

Once again thank you so much for implementing this! This definitely help in security wise as we don't need to manage any keys at all!

from docker-nginx-fpm-alpine.