Inject Host, Access key and Secret to Temporal S3 archiver

Usecase
We are using an in-house wrapper of S3 to store archived data.

In the archival documentation, there is a link to AWS confluence on setting up the credentials.
As it’s an in-house wrapper of S3, it may not work.

I can get the access key and secret key myself. I want to know how to inject these host, access credentials into the archival flow?

As you mentioned, docs reference:
Configuring the AWS SDK for Go - AWS SDK for Go for setting up credentials. Can you explain why that would not work in your case (would setting up env vars not work)?

sorry, my bad. I was able to get it to work by following the AWS Documentation.

@Vikas_NS
could you please share how you got the s3 credentials working here?
It would be very helpful to have it for community.

As temporal uses AWS Standard SDK, all the options mentioned in Configuring the AWS SDK for Go - AWS SDK for Go should work.

As the S3 I am using is an in-house flavor of AWS S3, I was concerned it may not work. But I was wrong, it worked fine.

As we are still in testing/exploring mode, I took the easiest approach.
Added the below two environment variables to the temporal container.

aws_access_key_id = <YOUR_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>
1 Like

Hello @tihomir

Are you planning to implement serviceAccount + IAM role, to replace IAM user?
I’ve raised this request [Feature Request] [Archival] [s3 provider] use IAM role + serviceAccount · Issue #464 · temporalio/helm-charts · GitHub

Best regards,
Luís Costa