From Friday, April 19th (11:00 PM CDT) through Saturday, April 20th (2:00 PM CDT), 2024, ni.com will undergo system upgrades that may result in temporary service interruption.

We appreciate your patience as we improve our online experience.

Home Community User Groups Special Interest Groups LabVIEW Cloud Toolkits Forum Topic

LabVIEW Cloud Toolkits

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Logon to S3 with I AM ROLE

Logon to S3 with I AM ROLE

‎09-11-2018 04:03 AM

Hi,

 

has anyone tried to upload and download the files from S3 with the I AM role option? Is there any support available for the same using the toolkit?

 

I could logon to the Personal s3 using the keys (Access and Secret Keys), but to access the Organization S3, it needs to be done using the IAM role (through an Amazon EC2 server). So if anyone has any experience on this topic, please suggest or share any sample code

Regards
Guru (CLA)
0 Kudos
Message 1 of 4
(4,454 Views)
Reply

Re: Logon to S3 with I AM ROLE

‎09-11-2018 03:47 PM

Hi,

 

I've never tried out authentication through an IAM role, but I think it should be feasible. This AWS documentation brought me up to speed on the concept on a high level.

Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances

 

For actual implementation in a LabVIEW app, it looks like EC2 instances are hosting a local service that you can perform a HTTP GET to get the temporary access key and secret keys that have been granted to that specific EC2 instance. Then the keys returned can be used how you've normally accessed the s3 buckets through the AWS toolkit.

Retrieving Security Credentials from Instance Metadata

 

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access

 

The following is example output.

 

{
  "Code" : "Success",
  "LastUpdated" : "2012-04-26T16:39:16Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "ASIAIOSFODNN7EXAMPLE",
  "SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  "Token" : "token",
  "Expiration" : "2017-05-17T15:09:54Z"
}

 

Hopefully that works out for you!

 

Danny Funk -- Senior Group Manager -- Software R&D -- NI
0 Kudos
Message 2 of 4
(4,448 Views)
Reply

Re: Logon to S3 with I AM ROLE

‎12-13-2018 10:19 AM

Hi,

 

I don't understand where you are suppose to put the security token you will receive with your temporary credentials. The AWS Credentials typedef in input of every vi of the Tool Kit seems to have only room for access key and secret key but according to https://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html the security token has to be added to the header of every request. Am I missing something or will it be necessary to modify the Tool Kit to accept authentication with the security token

 

 

0 Kudos
Message 3 of 4
(4,223 Views)
Reply

Re: Logon to S3 with I AM ROLE

‎12-14-2018 09:20 AM

I suspect this can be achieved by CLI and the toolkit is not able to do this.

0 Kudos
Message 4 of 4
(4,219 Views)
Reply