diff options
-rw-r--r-- | activestorage/CHANGELOG.md | 8 | ||||
-rw-r--r-- | activestorage/lib/active_storage/service/s3_service.rb | 4 | ||||
-rw-r--r-- | activestorage/test/service/s3_service_test.rb | 2 | ||||
-rw-r--r-- | guides/source/active_storage_overview.md | 7 |
4 files changed, 18 insertions, 3 deletions
diff --git a/activestorage/CHANGELOG.md b/activestorage/CHANGELOG.md index d794afb0e6..5541f7f331 100644 --- a/activestorage/CHANGELOG.md +++ b/activestorage/CHANGELOG.md @@ -1,3 +1,11 @@ +* Allow full use of the AWS S3 SDK options for authentication. If an + explicit AWS key pair and/or region is not provided in `storage.yml`, + attempt to use environment variables, shared credentials, or IAM + (instance or task) role credentials. Order of precedence is determined + by the [AWS SDK](https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html). + + *Brian Knight* + * Rails 6 requires Ruby 2.4.1 or newer. *Jeremy Daer* diff --git a/activestorage/lib/active_storage/service/s3_service.rb b/activestorage/lib/active_storage/service/s3_service.rb index 8ab7a44131..5e489f4be1 100644 --- a/activestorage/lib/active_storage/service/s3_service.rb +++ b/activestorage/lib/active_storage/service/s3_service.rb @@ -9,8 +9,8 @@ module ActiveStorage class Service::S3Service < Service attr_reader :client, :bucket, :upload_options - def initialize(access_key_id:, secret_access_key:, region:, bucket:, upload: {}, **options) - @client = Aws::S3::Resource.new(access_key_id: access_key_id, secret_access_key: secret_access_key, region: region, **options) + def initialize(bucket:, upload: {}, **options) + @client = Aws::S3::Resource.new(**options) @bucket = @client.bucket(bucket) @upload_options = upload diff --git a/activestorage/test/service/s3_service_test.rb b/activestorage/test/service/s3_service_test.rb index d6996209d2..7833e51122 100644 --- a/activestorage/test/service/s3_service_test.rb +++ b/activestorage/test/service/s3_service_test.rb @@ -3,7 +3,7 @@ require "service/shared_service_tests" require "net/http" -if SERVICE_CONFIGURATIONS[:s3] && SERVICE_CONFIGURATIONS[:s3][:access_key_id].present? +if SERVICE_CONFIGURATIONS[:s3] class ActiveStorage::Service::S3ServiceTest < ActiveSupport::TestCase SERVICE = ActiveStorage::Service.configure(:s3, SERVICE_CONFIGURATIONS) diff --git a/guides/source/active_storage_overview.md b/guides/source/active_storage_overview.md index 831a02a9a1..d67f65e88a 100644 --- a/guides/source/active_storage_overview.md +++ b/guides/source/active_storage_overview.md @@ -114,6 +114,13 @@ gem "aws-sdk-s3", require: false NOTE: The core features of Active Storage require the following permissions: `s3:ListBucket`, `s3:PutObject`, `s3:GetObject`, and `s3:DeleteObject`. If you have additional upload options configured such as setting ACLs then additional permissions may be required. +NOTE: If you want to use environment variables, standard SDK configuration files, profiles, +IAM instance profiles or task roles, you can omit the `access_key_id`, `secret_access_key`, +and `region` keys in the example above. The Amazon S3 Service supports all of the +authentication options described in the [AWS SDK documentation] +(https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html). + + ### Microsoft Azure Storage Service Declare an Azure Storage service in `config/storage.yml`: |