Amazon S3 Authentication types
When setting up an Amazon S3 media on AWS Signature Version 4, you can select the type of authentication used to access the media. You can use either Access Key or Role authentication.
Access Key authentication
Access key authentication requires the generated Access Key Id (username) and Secret Access Key (password) for an IAM user.
Role authentication
Role authentication requires an IAM user that is configured with the AssumeRole privilege and a role that is configured in a trust relationship with that user. The role must have a policy attached that enables access to S3 buckets.
Example:
- The user configures a default IAM user named TestUser with its Access Key Id and Secret Access Key.
- The AWS admin attaches the AssumeRole policy to TestUser.
- The AWS admin creates a Role named TestRole and attaches the AmazonS3FullAccess policy to that role.
- The AWS admin establishes a trust relationship between TestUser and TestRole.
- The user creates an Amazon V4 media with Role Authentication. TestUser assumes TestRole. Because TestRole has AmazonS3FullAccess, TestUser also has AmazonS3FullAccess.
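The two IAM policy documents behind the steps above, with a small check that both halves of the setup are present. This is an added example, not part of the original documentation. The account ID `111122223333` is a constructed placeholder and `check_setup` is a hypothetical helper that does exact ARN matching only; it does not evaluate Deny statements, conditions or ARN patterns.

```python
import json

ACCOUNT = "111122223333"  # constructed placeholder account ID
USER_ARN = f"arn:aws:iam::{ACCOUNT}:user/TestUser"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/TestRole"

# Identity policy attached to TestUser: allows sts:AssumeRole on TestRole only.
USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE_ARN}]}

# Trust policy on TestRole: names TestUser as the principal that may assume it.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": USER_ARN}, "Action": "sts:AssumeRole"}]}

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource, Principal."""
    return value if isinstance(value, list) else [value]

def _allows(policy):
    """Yield the Allow statements that include the sts:AssumeRole action."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") == "Allow" and "sts:AssumeRole" in _as_list(st.get("Action", [])):
            yield st

def check_setup(user_policy, trust_policy, user_arn, role_arn):
    """Return a list of problems; an empty list means both halves are in place."""
    problems = []
    if not any(role_arn in _as_list(st.get("Resource", [])) for st in _allows(user_policy)):
        problems.append("user policy does not allow sts:AssumeRole on the role")
    trusted = []
    for st in _allows(trust_policy):
        principal = st.get("Principal", {})
        if isinstance(principal, str):          # e.g. "Principal": "*"
            trusted += [principal]
        else:
            trusted += _as_list(principal.get("AWS", []))
    if "*" in trusted:
        problems.append("trust policy uses a wildcard principal")
    elif user_arn not in trusted:
        problems.append("trust policy does not name the user as principal")
    return problems

if __name__ == "__main__":
    print(json.dumps(TRUST_POLICY, indent=2))
    print(check_setup(USER_POLICY, TRUST_POLICY, USER_ARN, ROLE_ARN))  # → []
```
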
"Using the Default Credential Provider Chain" (https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html)