starred/flyimg
1
0
Fork 0
mirror of https://github.com/flyimg/flyimg.git synced 2026-04-25 09:45:50 +03:00
Code Issues Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #590] Make access_id and secret_key optional for IRSA S3 access support #213

New issue
Closed
opened 2026-02-25 22:34:37 +03:00 by kerem · 2 comments
kerem commented 2026-02-25 22:34:37 +03:00
Owner
Copy link

Originally created by @yo-l1982 on GitHub (Oct 16, 2025).
Original GitHub issue: https://github.com/flyimg/flyimg/issues/590

Originally assigned to: @sadok-f on GitHub.

Is your feature request related to a problem? Please describe.
In EKS we use IRSA to access buckets.
It is a no key/secret access method were the container uses a ServiceAccount connected to a IAM role that will inject what is needed for the AWS SDK to access the bucket.

Describe the solution you'd like
Make access_id and secret_key optional as they are now enforced by validation.
When these two parameters are set and passed into the AWS SDK client the key/secret access method will take precedence over IRSA. Any dummy key/secret will return a 403 from AWS API.

I have tried this with a custom build of flyimg and it works, I can deliver a PR, it is a really simple fix.

As seen below flyimg is already using supported AWS SDK versions
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html

Additional context
I believe this also will add support for "Pod identities" in EKS
https://docs.aws.amazon.com/eks/latest/userguide/pod-id-minimum-sdk.html

It will probably also add support for similar solutions in Azure and GCP but I am in no possition to test this.

Originally created by @yo-l1982 on GitHub (Oct 16, 2025). Original GitHub issue: https://github.com/flyimg/flyimg/issues/590 Originally assigned to: @sadok-f on GitHub. **Is your feature request related to a problem? Please describe.** In EKS we use [IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html) to access buckets. It is a no key/secret access method were the container uses a ServiceAccount connected to a IAM role that will inject what is needed for the AWS SDK to access the bucket. **Describe the solution you'd like** Make access_id and secret_key optional as they are now enforced by validation. When these two parameters are set and passed into the AWS SDK client the key/secret access method will take precedence over IRSA. Any dummy key/secret will return a 403 from AWS API. I have tried this with a custom build of flyimg and it works, I can deliver a PR, it is a really simple fix. As seen below flyimg is already using supported AWS SDK versions https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html **Additional context** I believe this also will add support for "Pod identities" in EKS https://docs.aws.amazon.com/eks/latest/userguide/pod-id-minimum-sdk.html It will probably also add support for similar solutions in Azure and GCP but I am in no possition to test this.
kerem 2026-02-25 22:34:37 +03:00
kerem commented 2026-02-25 22:34:38 +03:00
Author
Owner
Copy link

@sadok-f commented on GitHub (Oct 17, 2025):

Hi @yo-l1982
thank you for opening this issue.
yes I understand what you mean here.
we'll work to update the functionality asap.
Thank you again!

<!-- gh-comment-id:3414212609 --> @sadok-f commented on GitHub (Oct 17, 2025): Hi @yo-l1982 thank you for opening this issue. yes I understand what you mean here. we'll work to update the functionality asap. Thank you again!
kerem commented 2026-02-25 22:34:38 +03:00
Author
Owner
Copy link

@sadok-f commented on GitHub (Oct 19, 2025):

@yo-l1982 we’ve just released version 1.9.1, which includes updates to support the IRSA feature.

Thank you!

<!-- gh-comment-id:3419884715 --> @sadok-f commented on GitHub (Oct 19, 2025): @yo-l1982 we’ve just released version 1.9.1, which includes updates to support the IRSA feature. Thank you!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
add-trendshift-badge
gh-pages
issue#547
issue#546
issue#448
1.12.0
1.11.0
1.10.3
1.10.2
1.10.1
1.10.0
1.9.1
1.9.0
1.8.1
1.8.0
1.7.11
1.7.10
1.7.9
1.7.8
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.7.1
1.7.0
1.6.2
1.6.1
1.6.0
1.5.0
1.4.15
1.4.14
1.4.13
1.4.12
1.4.11
1.4.10
1.4.9
1.4.8
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.58
1.1.57
1.1.56
1.1.55
1.1.54
1.1.53
1.1.52
1.1.51
1.1.50
1.1.49
1.1.48
1.1.47
1.1.46
1.1.45
1.1.44
1.1.43
1.1.42
1.1.41
1.1.40
1.1.39
1.1.38
1.1.37
1.1.36
1.1.35
1.1.34
1.1.33
1.1.32
1.1.31
1.1.30
1.1.29
1.1.28
1.1.27
1.1.26
1.1.25
1.1.24
1.1.23
1.1.22
1.1.21
1.1.20
1.1.19
1.1.18
1.1.17
1.1.16
1.1.15
1.1.14
1.1.13
1.1.12
1.1.11
1.1.10
1.1.9
1.1.8
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.1
1.0.0
0.2.0
0.1.9
0.1.8
0.1.7
0.1.6
0.1.5
0.1.4
0.1.3
0.1.2
Labels
Clear labels   
Docs

   
Docs

   
Docs

   
Security

   
UnitTest

   
bug

   
dependencies

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
hacktoberfest

   
help wanted

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
version 1

   
version 2

   
wontfix
No labels
Docs
Docs
Docs
Security
UnitTest
bug
dependencies
duplicate
enhancement
enhancement
enhancement
hacktoberfest
help wanted
invalid
pull-request
question
stale
version 1
version 2
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/flyimg#213
No description provided.