POC: Add IAM role support for S3 audit event streaming

This POC implements support for using AWS IAM roles instead of access keys for S3 audit event streaming.

Addresses: #454683

Changes:

  • Add use_iam_profile column to S3 configuration models
  • Update Aws::S3Client to support IAM role authentication
  • Modify streaming destination to use IAM profiles when configured
  • Add comprehensive tests
  • Update GraphQL API to support new configuration option

Benefits:

  • Eliminates need for long-lived access keys
  • Improves security posture for customers like Amazon
  • Maintains full backward compatibility
  • Leverages AWS SDK credential provider chain
