The gitlab backup rake task doesn't support IAM credentials for S3
I was trying to set up offsite gitlab backups from an AWS EC2 instance. I was following the instructions at https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/raketasks/backup_restore.md
This instance is associated with an IAM role, and thus shouldn't need to use hardcoded aws_access_key_id
and aws_secret_access_key
values.
lib/backup/manager.rb
uses Fog for conecting to AWS, and expects aws_access_key_id
and aws_secret_access_key
to be provided as part of gitlab_rails['backup_upload_connection']
config.
Fog does support using IAM, via use_iam_profile => true
in the constructor.
I got it "working" by the following hack in manager.rb
- connection = ::Fog::Storage.new(connection_settings)
+ connection = ::Fog::Storage::AWS.new({:use_iam_profile => true})
This would break things for other cloud storage providers however.
Is IAM support for backups to S3 on the roadmap?
Cheers,
Dave