Phabricator currently requires hardcoding AWS key/secret data into its config files to interface with S3/SES. When will it support automatically fetching standard AWS Instance credentials via an IAM Role?
Right now we’re forced to manually create an IAM user one-off for Phabricator, then manually generate a key/secret to drop into a secret management system, which then gets inserted into the config files.
This method is harder to support with tools like CloudFormation/Terraform, and AWS best practices are to use IAM Roles everywhere practical. Most packaged software that might run on AWS supports using these credentials if available. GCE supports a similar scheme for providing instance credentials to running software, so it’s not as if this is a crazy Amazon-only method of providing credentials.