s3 with credentials

lrytz · lrytz · commit f61be5200211 · 2018-02-27T15:30:37.000+01:00
diff --git a/build.sbt b/build.sbt
@@ -20,21 +20,28 @@ mappings in upload := Seq()
 
 upload := {
   import com.amazonaws.{ClientConfiguration, Protocol}
-  import com.amazonaws.auth.DefaultAWSCredentialsProviderChain
+  import com.amazonaws.auth.{BasicAWSCredentials, AWSStaticCredentialsProvider, DefaultAWSCredentialsProviderChain}
   import com.amazonaws.services.s3.AmazonS3ClientBuilder
-  import com.amazonaws.services.s3.model.{CannedAccessControlList, PutObjectRequest}
+  import com.amazonaws.services.s3.model.PutObjectRequest
   import com.amazonaws.regions.Regions
 
-  // the publishing job runs on an EC2 instance that has access to the S3 bucket via its IAM instance profile
-  val client = AmazonS3ClientBuilder.standard.withRegion(Regions.US_EAST_1).build 
+  def env(v: String) = {
+    val r = System.getenv(v)
+    assert(r != null, s"Credentials env not specified: $v")
+    r
+  }
+
+  val awsCreds = new BasicAWSCredentials(env("AWS_ACCESS_KEY_ID"), env("AWS_SECRET_ACCESS_KEY"))
+  val client = AmazonS3ClientBuilder.standard
+    .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
+    .withRegion(Regions.US_EAST_1)
+    .build
 
   val log = streams.value.log
 
   (mappings in upload).value map { case (file, key) =>
     log.info("Uploading "+ file.getAbsolutePath() +" as "+ key)
-
-    // since the s3 bucket is in a separate account from where the EC2 CI instances are, must explicitly set acl as public-read
-    client.putObject(new PutObjectRequest("downloads.typesafe.com", key, file).withCannedAcl(CannedAccessControlList.PublicRead))
+    client.putObject(new PutObjectRequest("downloads.typesafe.com", key, file))
   }
 }
 
