Using EC2 instance role for S3 filestore access

We are configuring an instance of DHIS2 (version 2.36.4) in AWS EC2 and using the S3 file store. What we’d like to do is use an EC2 instance role to allow access to that S3 bucket so that we don’t need to maintain the AWS ID and secret in the config file.

We’ve configured it thus:

# Directory in external directory on local file system and bucket on AWS S3
filestore.container = /bucket/path/

# The following configuration is applicable to cloud storage only (AWS S3)

# Datacenter location. Optional but recommended for performance reasons.
filestore.location = us-west-2

# Username / Access key on AWS S3
filestore.identity =

# Password / Secret key on AWS S3 (sensitive)
filestore.secret =

But as yet this doesn’t seem to be working. There does seem to be an error in the Tomcat logs suggesting this won’t work:

* ERROR 2023-03-30T11:30:36,930 Exception occurred during processing request: An Authentication object was not found in the SecurityContext (DefaultDispatcherErrorHandler.java [http-nio-8080-exec-6]) org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext

Has anyone been able to use instance roles for this purpose? Is there a different configuration set we should use to set that up? I believe we’re down a couple of versions; is this possible in newer releases?

Thanks much

  • Michael

Were you able to work around this?

No, ended up using EFS for that instead.

  • Michael