Support AWS Assume Role

[ekristen]

Output of restic version

restic 0.16.0 compiled with go1.20.6 on darwin/amd64

What should restic do differently? Which functionality do you think we should add?

Support Assuming a Role with AWS for S3 storage. Currently AWS IRSA, config, env vars all work, but if you need to use credentials to assume a role first and then use those credentials, it does not work.

I will offer to do the PR, it will require the following:

• using AWS SDK
• adding 3 new configuration items

Based on current implementation either as backend options or environment variables (I think environment variables makes the most sense here, the question is how to prefix them)

Once the standard credential collection happens, if role arn is set, an additional set of calls would be made to change the credentials out using STS.

What are you trying to do? What problem would this solve?

Using restic in a series of scripts that has basic permissions in AWS, however I need it to backup to different s3 buckets using different roles.

Did restic help you today? Did it make you happy in any way?

Great tool!

Hi,

Is this planned to be included in a restic release? I am very much interested in this functionality as we run restic across our fleet of servers and they encompass different AWS accounts. I checked 0.16.5 which came out a few days ago but this functionality is not in there.

Thanks,
Tom

cc: @ekristen @MichaelEischer (Sorry not sure if it notifies if the issue's closed)

[MichaelEischer]

restic 0.16.5 is purely a dependency update release. New features will be included in restic 0.17.0, which isn't that far out but might still take a few weeks until we can release it.