eternaltyro
changed the title
[Enhancement] Remove explicitly passing AWS API keys
[Enhancement] Remove AWS API key handling from API Server config
Sep 17, 2024
eternaltyro
changed the title
[Enhancement] Remove AWS API key handling from API Server config
[Enhancement] Remove AWS API key handling from Uli API Server config
Sep 17, 2024
Is your feature request related to a problem? Please describe.
Currently AWS API keys are used directly in order to authenticate the Uli API server to AWS and authorise S3 access. We can secure this by removing these keys and using identity based Authz/AuthN.
Uli/browser-extension/api-server/s3.js
Lines 7 to 8 in 58e19f2
Describe the solution you would like
@aws-sdk/client-s3 uses the AWS credentials env module that automatically takes API keys from environment variables. We don't need to explicitly pass them. So instead of doing:
Uli/browser-extension/api-server/s3.js
Lines 12 to 14 in 58e19f2
We can do something simpler like:
The SDK would handle AWS AuthN automatically.
Describe alternatives you've considered
This makes the config more forgiving and secure. We can rely on the same environment variables for local development but at the same time, we can take advantage of EKS Pod Identity - which provides a way of attaching an IAM role to a pod (just like EC2 instance profiles) to allow access to S3. Developers can use temporary credentials received via aws sso login --profile tattle or manually copying credentials from the login page.
We can effectively eliminate the need to handle or process AWS API keys in code.
Additional Context
Of course, some keys have additional utility like SES access which we will need to consider while switching over.
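A pre-flight check for the migration described in this issue, added here as an example and not taken from the Uli code base: it reports which credential sources a pod or developer shell exposes through environment variables and flags long-lived keys. The function name, the source labels and all sample values are assumptions; the check matters because the SDK's default provider chain tries environment keys before the container credential endpoint, so static keys left in a pod would keep being used after Pod Identity is attached.

```javascript
"use strict";

// Added illustration: auditAwsCredentialEnv and the source labels are hypothetical names.
// It inspects only environment variables; shared config files under ~/.aws and
// instance metadata are not examined.
function auditAwsCredentialEnv(env) {
  const keyId = env.AWS_ACCESS_KEY_ID || "";
  const sources = [];
  const findings = [];

  if (keyId && env.AWS_SECRET_ACCESS_KEY) {
    // STS-issued temporary key IDs start with "ASIA" and come with a session token;
    // IAM user (long-lived) key IDs start with "AKIA".
    const temporary = keyId.startsWith("ASIA") && Boolean(env.AWS_SESSION_TOKEN);
    sources.push(temporary ? "env-temporary" : "env-static");
    if (!temporary) findings.push("long-lived access key in environment");
  }
  // EKS Pod Identity injects these two variables into the pod.
  if (env.AWS_CONTAINER_CREDENTIALS_FULL_URI && env.AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE) {
    sources.push("pod-identity");
  }
  if (env.AWS_PROFILE) sources.push("profile:" + env.AWS_PROFILE);

  if (sources.length === 0) findings.push("no credential source visible in environment");
  if (sources.length > 1) findings.push("multiple credential sources: " + sources.join(", "));
  return { sources, findings, ok: findings.length === 0 };
}

// Constructed sample environments; all values are placeholders, not real credentials.
const STATIC_KEYS = { AWS_ACCESS_KEY_ID: "AKIAEXAMPLEEXAMPLE00", AWS_SECRET_ACCESS_KEY: "placeholder-secret" };
const POD_IDENTITY = {
  AWS_CONTAINER_CREDENTIALS_FULL_URI: "http://agent.invalid/v1/credentials",
  AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE: "/placeholder/eks-pod-identity-token",
};
const SAMPLE_ENVS = {
  legacyPod: STATIC_KEYS,
  halfMigratedPod: { ...STATIC_KEYS, ...POD_IDENTITY },
  migratedPod: POD_IDENTITY,
  devShellSso: { AWS_PROFILE: "tattle" },
  devShellCopied: { AWS_ACCESS_KEY_ID: "ASIAEXAMPLEEXAMPLE00", AWS_SECRET_ACCESS_KEY: "placeholder-secret", AWS_SESSION_TOKEN: "placeholder-token" },
};

for (const [name, env] of Object.entries(SAMPLE_ENVS)) {
  console.log(name, JSON.stringify(auditAwsCredentialEnv(env)));
}
```

At server startup the same function can be called with process.env, failing the deployment when ok is false.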