Skip to content

[Feature]: Add Role Assumption Logic for S3 operations #16

New issue
New issue
Open
Open
[Feature]: Add Role Assumption Logic for S3 operations#16
Labels
enhancementNew feature or request
@shivanand007

Description

@shivanand007
shivanand007
opened on Jul 14, 2025

Currently, the codebase only supports basic AWS credentials through environment variables. We should add support for AWS IAM Role assumption to enhance security and follow AWS best practices.

Current Behavior

  • Only supports basic AWS credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)
  • No support for assuming IAM roles

Proposed Changes

  1. Add support for role assumption configuration through:

    • Environment variables (AWS_ROLE_ARN, AWS_ROLE_SESSION_NAME)
    • Constructor parameters in S3Resource class

  2. Implement STS client integration for assuming roles

  3. Update documentation to include role assumption setup

Technical Details

  • Use AWS STS (Security Token Service) to obtain temporary credentials
  • Update S3Client configuration to use temporary credentials when role ARN is provided
  • Handle credential refresh when temporary credentials expire

Benefits

    • Support for cross-account access
    • Enhanced security through temporary credentials
    • Better alignment with AWS security best practices

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions