Heroku: Using AWS S3 to Store Static Assets and File Uploads suggests using my AWS security credentials to enable my Heroku app to access my Amazon S3 bucket.

However, isn't it better practice (as explained in IAM Roles: Providing access to third parties) to use an IAM role to grant my Heroku app access to my Amazon S3 bucket?

If that's not possible, would the next best option be to create an IAM user (with credentials) just for use with my Heroku app?

ma11hew28

1 Answer

IAM roles apply to your servers, not Heroku's, so they're not an option here.

Yes, you can - and should - give them access using an IAM user with limited permissions instead of your root user. It'd be nice if Heroku would add that to their docs, but I imagine they wanted to keep people's first go at it simpler.

ceejayoz
  • How do you know that IAM roles don't apply to Heroku's servers? Have you read [IAM Roles: Providing access to third parties](http://docs.aws.amazon.com/IAM/latest/User?Guide/roles-toplevel.html#roles-thirdparty)? Doesn't Heroku use AWS for their servers? – ma11hew28 Jun 16 '15 at 20:49
  • @MattDiPasquale That's a broken link, and my understanding of how Heroku's dynos work would prevent you from using roles with them. Feel free to reach out to Heroku support if you feel otherwise. – ceejayoz Jun 16 '15 at 21:19
  • Oops! http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html#roles-thirdparty – ma11hew28 Jun 16 '15 at 21:37
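
The limited-permission IAM user recommended in the answer, sketched as an added example (not part of the original answer or of Heroku's docs). The bucket, user and app names are placeholder arguments, and the action list assumes the app only needs to list one bucket and read, write and delete its objects.

```shell
#!/usr/bin/env bash
# Added example: a dedicated IAM user for one Heroku app, scoped to one bucket.

# Print an inline policy limited to a single bucket: listing the bucket and
# object read/write/delete. No s3:* wildcard, no IAM actions, no other buckets.
s3_app_policy() {
  local bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
EOF
}

# Create the user, attach the policy, issue one access key and store it in the
# app's config vars. Needs the aws and heroku CLIs, run from an admin
# workstation with its own credentials (not the root account's keys).
provision_heroku_s3_user() {
  local user="$1" bucket="$2" app="$3"
  aws iam create-user --user-name "$user" >/dev/null
  aws iam put-user-policy --user-name "$user" \
    --policy-name "${bucket}-objects" \
    --policy-document "$(s3_app_policy "$bucket")"
  # Output is "<AccessKeyId> <SecretAccessKey>"; split it into $1 and $2.
  set -- $(aws iam create-access-key --user-name "$user" \
    --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text)
  # config:set echoes the values it stores, so keep them off the terminal.
  heroku config:set --app "$app" \
    AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" >/dev/null
}
```

If the key leaks, deleting it with `aws iam delete-access-key` affects only this app, and the policy confines any misuse in the meantime to the one bucket.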