S3 Repository Plugin - Why both SecretAccess Key AND Role for calling Snapshot APIs?


(Praetor) #1

I've been going through quite a few tutorials on how to setup s3 plugin. HEre's one:

https://www.objectrocket.com/blog/elasticsearch/elasticsearch-s3

I completely get that we have to install Roles to allow the plugin on the master nodes to essentially write to the buckets. But the tutorials ALSO indicate when calling the _snapshot/ APIs, you need to pass the Secret Access Key and Access ID. What is the need (if at all) for passing in secret access keys when the EC2 Instances have been given the requisite roles?

PUT /_snapshot/s3_repository
{
  "type": "s3",
  "settings": {
    "bucket": "MYBUCKETNAME",
    "region": "us-east-1",
    "access_key": "KEY",
    "secret_key": "SECRET"
  }
}'

(Ryan Ernst) #2

Passing the access/secret key is not required. If not specified, authentication will fallback to roles through EC2.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.