Relevant Versions: This information pertains to Artifactory versions 7.x
Artifactory can connect to S3 object storage using an IAM role instead of an IAM user (which renders obsolete the need to rely on hard-coded credentials on the configuration file).
After the IAM role has been created to allow access to your Artifactory, Artifactory needs to be configured to use AWS S3 using the IAM role. Instructions on how to do this are available HERE.
Following is an example configuration for "S3 Direct Upload Template (Recommended)", which can be added to Artifactory’s binarystore.xml configuration file located in the $JFROG_HOME/artifactory/var/etc/artifactory folder:
<config version="2"> <chain> <provider id="cache-fs" type="cache-fs"> <provider id="s3-storage-v3" type="s3-storage-v3"/> </provider> </chain> <provider id="s3-storage-v3" type="s3-storage-v3"> <endpoint>s3.amazonaws.com</endpoint> <bucketName>bucketName</bucketName> <path>pathPrefix</path> <region>s3Region</region> <useInstanceCredentials>true</useInstanceCredentials> </provider> </config>
Note: When the useInstanceCredentials flag is enabled, the connection to the AWS S3 bucket will use the default Amazon provider chain credentials according to the Authentication mechanism