S3 Repository Plugin - Why both SecretAccess Key AND Role for calling Snapshot APIs?

titan1978 · February 27, 2018, 6:54pm

I've been going through quite a few tutorials on how to setup s3 plugin. HEre's one:

Configuring Elasticsearch to Use S3 for Snapshots | ObjectRocket

I completely get that we have to install Roles to allow the plugin on the master nodes to essentially write to the buckets. But the tutorials ALSO indicate when calling the _snapshot/ APIs, you need to pass the Secret Access Key and Access ID. What is the need (if at all) for passing in secret access keys when the EC2 Instances have been given the requisite roles?

PUT /_snapshot/s3_repository
{
  "type": "s3",
  "settings": {
    "bucket": "MYBUCKETNAME",
    "region": "us-east-1",
    "access_key": "KEY",
    "secret_key": "SECRET"
  }
}'

rjernst · February 27, 2018, 8:35pm

Passing the access/secret key is not required. If not specified, authentication will fallback to roles through EC2.

system · March 27, 2018, 8:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
S3 snapshots in ES v1.7? Elasticsearch	1	404	September 13, 2018
Snapshot to S3 from elasticsearch cloud Elasticsearch	4	485	May 19, 2020
Need Help: Configuring S3 Snapshots after ElasticSearch Instance Spun up Elasticsearch	3	455	March 25, 2018
Passing credentials for S3 snapshot repository in Terraform Elasticsearch snapshot-and-restore	1	160	March 21, 2024
Authentication issue with S3 Repository in EKS Elasticsearch	4	1222	April 28, 2020

S3 Repository Plugin - Why both SecretAccess Key AND Role for calling Snapshot APIs?

Related topics