Ubuntu
duplicity package

Using duplicity and IAM roles on AWS instances

Asked by hebbo

Hello,

this is a question aboutj using IAM roles to access S3 buckets with duply/duplicity.

I have tried to use duply/duplicity to restore/backup against an S3 bucket, using the AWS instance IAM role as authentication.
I guess the following error:

BackendException: Access Denied
09:01:26.174 Task 'RESTORE' failed with exit code '23'.

If I set TARGET_PASS and TARGET_USER to key/secret it works all right. I was wondering why duplicity/boto is not using the associated instance IAM role to authenticate on S3. Maybe an issue with duply?
(I tried setting TARGET_USER and TARGET_PASS to blank but the same error.

Thanks on advance.

$ duplicity --version
duplicity 0.7.04

$ duply --version
duply version 1.9.2

$ pip show boto
Name: boto
Version: 2.38.0

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu duplicity Edit question
Assignee:
No assignee Edit question
Solved by:
hebbo
Solved:
Last query:
Last reply:
Revision history for this message
hebbo (angel-pr1984) said : 		#1

I got duply accessing the target s3 bucket without using an AWS key pair:

- duplicity 0.7.04 itself can run without credentials on a S3 backend if the AWS instance where it runs has an IAM role associated with the right permissions assigned.

- Duply 1.10.1 will also run using the AIM role associated to the instance if no TARGET_USER and TARGET_PASS are set on the duply profile . (That's not the case for duply version 1.9.2, where credentials were ALWAYS inserted on the backend url).

Thanks
Angel