IAM ROLE FOR S3 ACCESS I have lakeFS container spun up on an ec2 instance working in local-storage mode fine. I now want to change the configuration to use s3 instead of local storage. My ec2 instance is assigned an IAM role that has the ALL the required privileges for s3 actions. I generally don't need to specify any access key when I create or access buckets from AWS CLI because the ec2 instance has the IAM role that has all the privileges. What exactly do I have to specify in config.yaml or the docker run parameters in order to connect to s3 and create LakeFS repo etc?

Hi @Sam Can you please clarify your request - what error are you getting? Also, are the s3 bucket and ec2 instance on the same region?

Yes, same region. No error. The LakeFS container immediately exits. docker logs shows no errors. That's another question.... Are there any other logs besides docker logs? My docker run LakeFS command is - docker run --network host treeverse/lakefs run -- config etc. It does not specify access key or secret key... we don't use long term credentials, the ec2 instance running the LakeFS container has IAM role that has all the s3 privileges. The EC2 metadata service should be available from within docker to get the access credentials. Any ideas?

@Sam - does this work for you: (assuming you prepared your storage of course):

docker run --pull always -p 8000:8000 \
   -e LAKEFS_BLOCKSTORE_TYPE='s3' \
   -e AWS_ACCESS_KEY_ID='YourAccessKeyValue' \
   -e AWS_SECRET_ACCESS_KEY='YourSecretKeyValue' \
   treeverse/lakefs run --local-settings

But we don't use long term IAM user credentials and generate ACCESS_KEY_ID and SECRET_ACCESS_KEY. So, I don't have an key and secret to specify. We use IAM roles attached to ec2 instance on which the LakeFS container is running.

Excellent. Thank YOU