feat: [sc-26323] Remove the use of AWS secret keys in NameGraph (#332)

* do not use auth in the s3 downloader

* remove s3 keys from ci and dockerfile

Author: Byczong

.github/workflows/build.yml

@@ -24,8 +24,6 @@ jobs:
       - name: build image
         run: |
           docker build \
-          --build-arg AWS_SECRET_ACCESS_KEY \
-          --build-arg AWS_ACCESS_KEY_ID \
           -t ${ECR_REPOSITORY}:commit_$(git rev-parse --short "$GITHUB_SHA") \
           -t ${ECR_REPOSITORY}:${PROD_IMAGE_TAG} \
           .

.github/workflows/ci.yml

@@ -39,9 +39,6 @@ jobs:
           key: cache-v1.1
 
       - name: Download data
-        env:
-          S3_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }}
-          S3_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }}
         run: |
             ln -s ../tests/data/wikipedia2vec.pkl data/wikipedia2vec.pkl
             touch data/wikipedia2vec.pkl.vectors.npy

Dockerfile

@@ -17,9 +17,6 @@ RUN poetry install --only main --no-root --no-interaction --no-ansi
 RUN poetry self add poetry-plugin-export
 RUN poetry export -f requirements.txt -o requirements.txt
 
-ARG AWS_SECRET_ACCESS_KEY
-ARG AWS_ACCESS_KEY_ID
-
 COPY data/ data
 
 RUN mkdir namegraph

namegraph/download_from_s3.py

@@ -4,30 +4,23 @@
 
 import tarfile
 import boto3
+import botocore
 import hydra
 
-from dotenv import load_dotenv
 from omegaconf import DictConfig
 
 
 class S3Downloader:
     def __init__(self):
         self.s3_client = None
+        self.region_name = 'us-east-1'
         self.bucket = 'prod-name-generator-namegeneratori-inputss3bucket-c26jqo3twfxy'
 
     def get_client(self):
         if self.s3_client is None:
-            load_dotenv()
-
-            S3_ACCESS_KEY_ID = os.getenv('S3_ACCESS_KEY_ID')
-            S3_SECRET_ACCESS_KEY = os.getenv('S3_SECRET_ACCESS_KEY')
-            REGION_NAME = 'us-east-1'
-            self.s3_client = boto3.client('s3',
-                                          aws_access_key_id=S3_ACCESS_KEY_ID,
-                                          aws_secret_access_key=S3_SECRET_ACCESS_KEY,
-                                          region_name=REGION_NAME
-                                          )
-
+            self.s3_client = boto3.client(
+                's3', region_name=self.region_name, config=botocore.config.Config(signature_version=botocore.UNSIGNED)
+            )
         return self.s3_client
 
     def download_file(self, url, path, override=True):