Hi there -
I’m still evaluating Mattermost and have a couple of question S3 related. I would like to have more clarification about the following points:
- S3 Encryption
I’ve noticed that object stored into S3 does not have AES encryption flag enabled. AmazonS3SSL
is set to True
, but it only means the connection is done through HTTPS, not that the object is actually encrypted at a server side level. Is there any configuration file I’m missing or this feature is just not supported as of today ?
- S3 VPC endpoint
It looks like Mattermost does not work if you specify a VPC endpoint (AWS PrivateLink concepts - Amazon Virtual Private Cloud) for S3. According to mattermost-server/s3-endpoints.go at f02620b291b988848392c455a7719699f6b5c00f · mattermost/mattermost-server · GitHub , only public endpoints are supported Am I missing something? A private S3 endpoint looks like com.amazonaws.us-west-2.s3.
- Support IAM Role
Is this possible to use IAM Role with S3 permissions instead of passing AWS Access/secret key on config.json?
Thanks