AWS documentation for IAM and S3 indicates that it is better practice to grant permissions to IAM roles than to grant permissions to individual users.
I’ve been asked to eliminate the backup user account I created almost a year ago and switch to using an IAM role.
Can restic be configured to connect to S3 with an IAM role attached to the EC2 instance?
The S3 backend should automatically use IAM roles attached to an EC2 instance if you don’t provide any other credentials: restic/internal/backend/s3/s3.go at da479673165968bd09d99720f0dd61edda536ca8 · restic/restic · GitHub
(There’s also assume role functionality, see Allow AWS Assume Role by ekristen · Pull Request #4474 · restic/restic · GitHub. Although your question sounds like you’re looking for the first suggestion, not this one.)
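An added example, not part of any post in this thread and not restic's own code: a pre-flight check for moving a host from a dedicated backup user to the instance role. It assumes that the two AWS key variables and a shared credentials file are the "other credentials" that would be used instead of the role; the bucket and path are placeholders, and the metadata calls are the standard IMDSv2 requests.

```shell
#!/bin/sh
# Pre-flight for switching restic from static keys to the EC2 instance role.

# Print each static credential source that is still configured (assumption:
# any of these would be picked up instead of the instance role).
static_credential_sources() {
    for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        eval "val=\${$var:-}"
        if [ -n "$val" ]; then
            echo "env:$var"
        fi
    done
    creds_file="${AWS_SHARED_CREDENTIALS_FILE:-${HOME:-/nonexistent}/.aws/credentials}"
    if [ -s "$creds_file" ]; then
        echo "file:$creds_file"
    fi
    return 0
}

# Ask IMDSv2 which role is attached to this instance; fails off EC2 or
# when no instance profile is attached.
instance_role_name() {
    token=$(curl -sf -m 2 -X PUT "http://169.254.169.254/latest/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
    curl -sf -m 2 -H "X-aws-ec2-metadata-token: $token" \
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
}

# Runs only when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    found=$(static_credential_sources)
    if [ -n "$found" ]; then
        echo "static credentials still configured; remove them first:" >&2
        echo "$found" >&2
        exit 1
    fi
    role=$(instance_role_name) || { echo "no instance role visible" >&2; exit 1; }
    echo "instance role attached: $role"
    # The repository password (RESTIC_PASSWORD or --password-file) is
    # unrelated to AWS credentials and must still be supplied as before.
    restic -r "s3:s3.amazonaws.com/EXAMPLE-BUCKET/EXAMPLE-PATH" snapshots
fi
```

Once the check passes and `restic snapshots` lists the existing snapshots, the old user's access key can be deactivated and then deleted.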
Thank you. I thought it might be the case, but most tutorials I found reference the dedicated user and access key. I’ll let my team know so we can test it on our development server.
Yes, that area is rather under-documented. If someone wants to extend the docs at restic/doc at master · restic/restic · GitHub, feel free to open a PR.