ARTIFACTORY: Connect Artifactory to S3 Bucket with IAM Role

Prerequisites:

Artifactory v7.x deployed on AWS EKS Cluster

Artifactory Helm Chart

AWS S3 Bucket

 

Steps:

1. Create an IAM OIDC provider for your cluster:

https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html 

2. Create IAM Role with type "Web identity":

User-added image

3. Associate an IAM role to a service account using the values.yaml of Artifactory Helm Chart :

serviceAccount:
  create: true
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>

4. Configure the binarystore.xml using the values.yaml of Artifactory Helm Chart:

artifactory:
  persistence:
    awsS3V3:
      region: AWS_REGION
      bucketName: AWS_BUCKET_NAME
      useInstanceCredentials: true

5. Restart Artifactory
6. Deploy Artifact and verify it's uploaded to the S3 Bucket