Do not enable anonymous access when --iam is used

yandex-cloud · Jan 21, 2025 · a47ba58 · a47ba58
1 parent dfa23e7
commit a47ba58
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/core/backend_s3.go b/core/backend_s3.go
@@ -325,7 +325,7 @@ func (s *S3Backend) detectBucketLocationByHEAD() (err error, isAws bool) {
 	switch resp.StatusCode {
 	case 200:
 		// note that this only happen if the bucket is in us-east-1
-		if len(s.config.Profile) == 0 && os.Getenv("AWS_ACCESS_KEY_ID") == "" {
+		if len(s.config.Profile) == 0 && os.Getenv("AWS_ACCESS_KEY_ID") == "" && !s.config.UseIAM {
 			s.awsConfig.Credentials = credentials.AnonymousCredentials
 			s3Log.Infof("anonymous bucket detected")
 		}

diff --git a/core/cfg/flags.go b/core/cfg/flags.go
@@ -261,7 +261,7 @@ MISC OPTIONS:
 
 		cli.BoolFlag{
 			Name:  "no-detect",
-			Usage: "Turn off bucket location and signature algorithm autodetection on start",
+			Usage: "Turn off autodetection of anonymous access, bucket location and signature algorithm on start",
 		},
 
 		cli.BoolFlag{