add aws s3 iam check (#5174)

2024-06-14 15:19:59 +08:00
parent 0633aae7dc
commit d7fbae286a
4 changed files with 17 additions and 8 deletions
--- a/api/extensions/storage/s3_storage.py
+++ b/api/extensions/storage/s3_storage.py
@@ -16,14 +16,18 @@ class S3Storage(BaseStorage):
        super().__init__(app)
        app_config = self.app.config
        self.bucket_name = app_config.get('S3_BUCKET_NAME')
-        self.client = boto3.client(
-                    's3',
-                    aws_secret_access_key=app_config.get('S3_SECRET_KEY'),
-                    aws_access_key_id=app_config.get('S3_ACCESS_KEY'),
-                    endpoint_url=app_config.get('S3_ENDPOINT'),
-                    region_name=app_config.get('S3_REGION'),
-                    config=Config(s3={'addressing_style': app_config.get('S3_ADDRESS_STYLE')})
-                )
+        if app_config.get('S3_USE_AWS_MANAGED_IAM'):
+            session = boto3.Session()
+            self.client = session.client('s3')
+        else:
+            self.client = boto3.client(
+                        's3',
+                        aws_secret_access_key=app_config.get('S3_SECRET_KEY'),
+                        aws_access_key_id=app_config.get('S3_ACCESS_KEY'),
+                        endpoint_url=app_config.get('S3_ENDPOINT'),
+                        region_name=app_config.get('S3_REGION'),
+                        config=Config(s3={'addressing_style': app_config.get('S3_ADDRESS_STYLE')})
+                    )

    def save(self, filename, data):
        self.client.put_object(Bucket=self.bucket_name, Key=filename, Body=data)