Using IAM Roles with Litestream Integration

Hi everyone,

I’m currently using NocoDB with Litestream integration on AWS Fargate and had to create an IAM user to obtain an access key, which I then passed as an environment variable to NocoDB. However, in my company, we’re encouraged to use IAM roles instead of IAM users for such scenarios, as it’s considered best practice.

The reason I had to create an IAM user lies in the configuration options of NocoDB. We’re using the Litestream integration to persist data in S3, which requires an access key (e.g. LITESTREAM_S3_ACCESS_KEY_ID). I obtained this access key through the newly created user.

What I found interesting is that when using storage without Litestream, a role is used if no access key is provided. According to the documentation, this is not the case for Litestream.

  • Why wasn’t the Litestream integration implemented similarly to storage, allowing the use of IAM roles?
  • Are there alternative ways to use Litestream without creating a separate IAM user for it?

I’d appreciate any insights or suggestions on how to achieve this, as it would align with our company’s security best practices.

I’m still quite new to AWS. Please keep in mind I may not have a complete understanding. If I’ve made any incorrect assumptions, I’d appreciate it if you could take this into consideration when responding.

Thanks in advance for your help!

We highly suggest using postgres for the NC_DB variable, and not sqlite for production.

By the way, why are you using sqlite while being on AWS?

We decided to use Litestream with sqlite on S3 mainly because it was easy to set up and to use. We also assumed it is cheaper than running a postgres instance 24/7 or using some serverless variant of it.

Even though we need to follow some security best practices of our company, this is not a production application. It is only used internally by a few people on our team.
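For the setup described in the opening post, a static key passed to a Fargate task as an environment variable can be spotted by auditing the ECS task definition. The script below is an added example, not part of the thread and not NocoDB or Litestream code. The task definition is constructed sample data, and apart from `LITESTREAM_S3_ACCESS_KEY_ID` the variable names and the name-matching pattern are assumptions.

```python
import json
import re

# Variable-name suffixes that usually carry long-lived AWS keys (assumed pattern).
STATIC_KEY_RE = re.compile(r"(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SECRET_KEY)$", re.IGNORECASE)

# Constructed sample: a trimmed ECS task definition with placeholder values.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "nocodb-example",
  "taskRoleArn": null,
  "containerDefinitions": [
    {
      "name": "nocodb",
      "environment": [
        {"name": "LITESTREAM_S3_ACCESS_KEY_ID", "value": "AKIAEXAMPLEPLACEHOLDER"},
        {"name": "EXAMPLE_LOG_LEVEL", "value": "info"}
      ],
      "secrets": [
        {"name": "EXAMPLE_SECRET_ACCESS_KEY",
         "valueFrom": "arn:aws:secretsmanager:region:111122223333:secret:placeholder"}
      ]
    }
  ]
}
""")

def audit_task_definition(task_def):
    """Return a list of (severity, container, message) findings."""
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append(("info", "-", "no taskRoleArn: no task role credentials for containers"))
    for container in task_def.get("containerDefinitions", []):
        name = container.get("name", "?")
        for var in container.get("environment", []):
            if STATIC_KEY_RE.search(var.get("name", "")):
                # Plaintext values are readable by anyone allowed to describe the task definition.
                findings.append(("high", name, f"static key in plaintext env: {var['name']}"))
        for var in container.get("secrets", []):
            if STATIC_KEY_RE.search(var.get("name", "")):
                # Injected from a secret store, but still a long-lived key that needs rotation.
                findings.append(("medium", name, f"static key via secrets: {var['name']}"))
    return findings

if __name__ == "__main__":
    for severity, container, message in audit_task_definition(SAMPLE_TASK_DEF):
        print(f"[{severity}] {container}: {message}")
```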