AWS Cloud Metadata Abuse by UNC2903 Will this impact the s3 archival provider?

madhu · January 25, 2023, 6:15am

This security issue talks about using the metadata api to gain access to aws services.
From what i have seen so far, i am not sure this impacts the s3 archival provider (s3store) temporal/common/archiver/s3store at master · temporalio/temporal · GitHub

Can some one have a look and confirm?

tihomir · January 29, 2023, 4:04am

Thanks for sharing. From this article trying to understand what you would propose to be added to s3 connection config for s3?
Currently it defines Endpoint, Region and S3ForcePathStyle

Topic		Replies	Views
Is adding custom archival provider a hack? Community Support server	1	397	November 28, 2021
Issue with Archival with AWS S3 provider Community Support helm , s3 , archival	5	161	February 5, 2024
Configuring a private S3 endpoint for archival Server Deployment s3 , archival	0	165	December 19, 2023
Temporal s3 archival issues Community Support archival	7	1158	May 30, 2022
AWS Keys updated every 10 hours in credential file Community Support go-sdk	7	716	February 5, 2022

AWS Cloud Metadata Abuse by UNC2903 Will this impact the s3 archival provider?

Related Topics