Feature Request
Resolution: Unresolved
- What is the nature and description of the request?
In the AAP 2.5 containerized bundle install, it looks like in order to use S3 storage with Automation Hub, an AWS access and secret key is required. However, our EC2 instances that run AAP should be able to use the IAM role that the EC2 instance runs on to have the proper permissions to r/w an S3 bucket.
In our environment, we rarely maintain access/secret keys for AWS.
This is a request for enhancement to update the installer to not require access keys/secret keys in collections/ansible_collections/ansible/containerized_installer/roles/preflight/tasks/automationhub.yml, lines 91-101:
- name: Ensure AWS S3 storage variables are provided
  ansible.builtin.assert:
    that:
      - hub_s3_access_key is defined
      - hub_s3_access_key | length
      - hub_s3_secret_key is defined
      - hub_s3_secret_key | length
    fail_msg: 'hub_s3_access_key and hub_s3_secret_key must be set and not empty'
  when:
    - hub_storage_backend is defined
    - hub_storage_backend == 's3'
Perhaps a new variable along the lines of "hub_s3_use_iam" to override the above.
- Why does the customer need this? (List the business requirements here)
Our group does not use access keys when performing actions against AWS using EC2 instances. Instead, the IAM role that the EC2 instances run on includes all of the permissions necessary for AWS interaction. As such, we need to be able to bypass the requirement of using access keys when using S3 for Automation Hub storage, instead depending on the IAM role permissions of the EC2 instance running AAP.
No timelines, but this is a blocker for us being able to use S3 for storage with Automation Hub. Instead, we are then required to use 'file' access, which ends up costing us more due to EFS costing more than S3 in AWS.
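A sketch of how the preflight gate described in the request could look, added here as an illustration and not taken from the installer or from the reporter. `hub_s3_use_iam` is the hypothetical variable the request proposes, and the `_imds_token` / `_imds_role` register names are assumptions. It covers only the preflight checks on the host, not how the hub containers obtain credentials.

```yaml
# Added example, not installer code. hub_s3_use_iam is hypothetical.
- name: Ensure AWS S3 storage variables are provided unless the instance role is used
  ansible.builtin.assert:
    that:
      - hub_s3_access_key is defined
      - hub_s3_access_key | length
      - hub_s3_secret_key is defined
      - hub_s3_secret_key | length
    fail_msg: 'hub_s3_access_key and hub_s3_secret_key must be set and not empty'
  when:
    - hub_storage_backend is defined
    - hub_storage_backend == 's3'
    - not (hub_s3_use_iam | default(false) | bool)

- name: Validate instance-role mode for S3 storage
  when:
    - hub_storage_backend | default('') == 's3'
    - hub_s3_use_iam | default(false) | bool
  block:
    # Mixing both modes hides which credential is actually in use.
    - name: Reject static keys when the instance role is requested
      ansible.builtin.assert:
        that:
          - hub_s3_access_key | default('') | length == 0
          - hub_s3_secret_key | default('') | length == 0
        fail_msg: 'hub_s3_use_iam is set: remove hub_s3_access_key and hub_s3_secret_key'

    - name: Request an IMDSv2 session token on the host
      ansible.builtin.uri:
        url: http://169.254.169.254/latest/api/token
        method: PUT
        headers:
          X-aws-ec2-metadata-token-ttl-seconds: "60"
        return_content: true
        timeout: 5
      register: _imds_token
      no_log: true  # keep the session token out of the run log

    # An empty or non-200 response means no IAM role is attached.
    - name: Ensure an IAM role is attached to the instance
      ansible.builtin.uri:
        url: http://169.254.169.254/latest/meta-data/iam/security-credentials/
        headers:
          X-aws-ec2-metadata-token: "{{ _imds_token.content }}"
        return_content: true
        timeout: 5
      register: _imds_role
      failed_when: _imds_role.status != 200 or _imds_role.content | trim | length == 0
```

The role check confirms only that a role is attached; whether that role can read and write the bucket still has to be verified against the bucket policy and the role's permissions.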