IAM Roles on Amazon Elastic Compute Cloud (EC2) or Google Compute Engine (GCE)
Amazon Elastic Compute Cloud (EC2)
To use the WP Offload Media plugin with Amazon S3 you need to define an AWS access key and secret key. These can be stored in the database or defined in your wp-config.php file like this:
define( 'AS3CF_AWS_ACCESS_KEY_ID', '********************' );
define( 'AS3CF_AWS_SECRET_ACCESS_KEY', '**************************************' );
or, preferably, with:
define( 'AS3CF_SETTINGS', serialize( array(
    'provider' => 'aws',
    'access-key-id' => '********************',
    'secret-access-key' => '**************************************',
) ) );
However, if you host your WordPress site on an EC2 instance, you won’t necessarily want to distribute your access credentials onto the instance, and will want to make use of IAM Roles instead.
After creating an IAM role you can use the ‘AS3CF_AWS_USE_EC2_IAM_ROLE’ constant to tell WP Offload Media not to ask for or require the access keys:
define( 'AS3CF_AWS_USE_EC2_IAM_ROLE', true );
or, preferably, with:
define( 'AS3CF_SETTINGS', serialize( array(
    'provider' => 'aws',
    'use-server-roles' => true,
) ) );
Google Compute Engine (GCE)
To use the WP Offload Media plugin with Google Cloud Storage you need to provide a GCP Service Account Key File. This can be stored in the database or defined in your wp-config.php file like this:
define( 'AS3CF_SETTINGS', serialize( array(
    'provider' => 'gcp',
    'key-file-path' => '/path/to/key/file.json',
) ) );
However, if you host your WordPress site on a GCE instance, you won’t necessarily want to distribute your access credentials onto the instance, and will want to make use of IAM Roles instead.
After creating an IAM role you can use the ‘use-server-roles’ settings key instead of ‘key-file-path’ to tell WP Offload Media not to ask for or require a key file:
define( 'AS3CF_SETTINGS', serialize( array(
    'provider' => 'gcp',
    'use-server-roles' => true,
) ) );
You can also use the ‘AS3CF_GCP_USE_GCE_IAM_ROLE’ constant to tell WP Offload Media not to ask for or require a key file:
define( 'AS3CF_SETTINGS', serialize( array(
    'provider' => 'gcp',
) ) );
define( 'AS3CF_GCP_USE_GCE_IAM_ROLE', true );
For backwards compatibility, WP Offload Media will fall back to trying to use AWS as the storage provider if not told otherwise, so the AS3CF_SETTINGS define is still required unless you intend to select the provider via the settings page.
IMPORTANT: Please ensure your Compute Engine VM instances have the correct Access Scope to be able to write to a Google Cloud Storage bucket, as by default they only have read access. It’s easiest to Allow full access to all Cloud APIs and then control access with IAM Roles.
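An added example, not part of the WP Offload Media documentation or the plugin's code: a small Python check that reads the text of a wp-config.php file and reports whether static credentials are still present alongside the role settings described in the EC2 and GCE sections above. The function names, verdict labels and sample file are constructed for illustration; only the constant and settings-key names come from this page.

```python
import re

# Constant and settings-key names are the ones shown on this page.
STATIC_CONSTANTS = ("AS3CF_AWS_ACCESS_KEY_ID", "AS3CF_AWS_SECRET_ACCESS_KEY")
STATIC_KEYS = ("access-key-id", "secret-access-key", "key-file-path")
ROLE_CONSTANTS = ("AS3CF_AWS_USE_EC2_IAM_ROLE", "AS3CF_GCP_USE_GCE_IAM_ROLE")

# Strings are matched first so '//' inside a quoted URL is not read as a comment.
_STRING_OR_COMMENT = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|(/\*.*?\*/|//[^\n]*|#[^\n]*)""", re.S)

def strip_php_comments(src):
    return _STRING_OR_COMMENT.sub(lambda m: m.group(1) or "", src)

def audit_wp_config(src):
    """Report static credentials and role settings; 'mixed' means both are present."""
    code = strip_php_comments(src)
    static = [c for c in STATIC_CONSTANTS
              if re.search(r"define\(\s*['\"]%s['\"]" % c, code)]
    static += [k for k in STATIC_KEYS
               if re.search(r"['\"]%s['\"]\s*=>" % re.escape(k), code)]
    roles = [c for c in ROLE_CONSTANTS
             if re.search(r"define\(\s*['\"]%s['\"]\s*,\s*true\s*\)" % c, code, re.I)]
    if re.search(r"['\"]use-server-roles['\"]\s*=>\s*true\b", code, re.I):
        roles.append("use-server-roles")
    m = re.search(r"['\"]provider['\"]\s*=>\s*['\"]([\w-]+)['\"]", code)
    provider = m.group(1) if m else None
    warnings = []
    if "AS3CF_GCP_USE_GCE_IAM_ROLE" in roles and provider != "gcp":
        warnings.append("GCE role constant without provider 'gcp' in AS3CF_SETTINGS: "
                        "the plugin falls back to AWS unless set on the settings page")
    verdict = ("mixed" if static and roles else "static-credentials" if static
               else "server-roles" if roles else "none-in-file")
    return {"provider": provider, "static": static, "roles": roles,
            "verdict": verdict, "warnings": warnings}

# Constructed sample: a key file path left behind after switching to roles.
SAMPLE = """<?php
// define( 'AS3CF_AWS_SECRET_ACCESS_KEY', 'commented-out' );
define( 'WP_HOME', 'https://example.test' ); // constructed value
define( 'AS3CF_SETTINGS', serialize( array(
    'provider' => 'gcp',
    'key-file-path' => '/path/to/key/file.json',
    'use-server-roles' => true,
) ) );
"""

if __name__ == "__main__":
    print(audit_wp_config(SAMPLE))
```

A verdict of "none-in-file" does not mean no credentials exist, since the page notes they can also be stored in the database.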