Merge pull request #2050 from ResearchHub/remove-aws-creds

chore: Remove AWS credentials
ResearchHub · Dec 19, 2024 · f67c68b · f67c68b
2 parents 19361d2 + 7ada166
commit f67c68b
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 41 deletions.
diff --git a/src/config/ci/keys.py b/src/config/ci/keys.py
@@ -3,10 +3,7 @@
 SECRET_KEY = os.environ.get("SECRET_KEY", "test")
 
 AWS_ACCOUNT_ID = os.environ.get("AWS_ACCOUNT_ID", "awsAccountId1")
-AWS_ACCESS_KEY_ID = os.environ.get("AWS_ACCESS_KEY_ID", "NOT_REAL")
-AWS_SECRET_ACCESS_KEY = os.environ.get("AWS_SECRET_ACCESS_KEY", "NOT_REAL")
 AWS_REGION_NAME = os.environ.get("AWS_REGION_NAME", "awsRegionName1")
-AWS_ROLE_ARN = os.environ.get("AWS_ROLE_ARN", "")
 AWS_STORAGE_BUCKET_NAME = os.environ.get("AWS_STORAGE_BUCKET_NAME", "awsBucketName1")
 AWS_SES_REGION_ENDPOINT = os.environ.get("AWS_SES_REGION_ENDPOINT", "")
 

diff --git a/src/config/keys.py b/src/config/keys.py
@@ -3,10 +3,7 @@
 SECRET_KEY = os.environ.get("SECRET_KEY", "development")
 
 AWS_ACCOUNT_ID = os.environ.get("AWS_ACCOUNT_ID", "")
-AWS_ACCESS_KEY_ID = os.environ.get("AWS_ACCESS_KEY_ID", "")
-AWS_SECRET_ACCESS_KEY = os.environ.get("AWS_SECRET_ACCESS_KEY", "")
 AWS_REGION_NAME = os.environ.get("AWS_REGION_NAME", "")
-AWS_ROLE_ARN = os.environ.get("AWS_ROLE_ARN", "")
 AWS_STORAGE_BUCKET_NAME = os.environ.get("AWS_STORAGE_BUCKET_NAME", "")
 AWS_SES_REGION_ENDPOINT = os.environ.get("AWS_SES_REGION_ENDPOINT", "")
 

diff --git a/src/researchhub/settings.py b/src/researchhub/settings.py
@@ -522,16 +522,10 @@ def silky_capture(request):
 STATIC_ROOT = os.path.join(BASE_DIR, "static")
 STATICFILES_DIRS = ["stylesheets"]
 
-
 # AWS
 
-AWS_ACCESS_KEY_ID = os.environ.get("AWS_ACCESS_KEY_ID", keys.AWS_ACCESS_KEY_ID)
-AWS_SECRET_ACCESS_KEY = os.environ.get(
-    "AWS_SECRET_ACCESS_KEY", keys.AWS_SECRET_ACCESS_KEY
-)
 AWS_ACCOUNT_ID = os.environ.get("AWS_ACCOUNT_ID", keys.AWS_ACCOUNT_ID)
 AWS_REGION_NAME = os.environ.get("AWS_REGION_NAME", keys.AWS_REGION_NAME)
-AWS_ROLE_ARN = os.environ.get("AWS_ROLE_ARN", keys.AWS_ROLE_ARN)
 
 # AWS Lambda
 

diff --git a/src/utils/aws.py b/src/utils/aws.py
@@ -105,34 +105,6 @@ def download_pdf(url):
 def create_client(service_name: str) -> boto3.client:
     """
     Create a boto3 client for the given service.
-    The function uses role-based authentication if `AWS_ROLE_ARN` is set.
     """
     session = Session()
-    if settings.AWS_ROLE_ARN:
-        sts_client = session.client(
-            "sts",
-            aws_access_key_id=settings.AWS_ACCESS_KEY_ID,
-            aws_secret_access_key=settings.AWS_SECRET_ACCESS_KEY,
-        )
-
-        assumed_role_object = sts_client.assume_role(
-            RoleArn=settings.AWS_ROLE_ARN,
-            RoleSessionName="AssumeRoleSession",
-        )
-
-        credentials = assumed_role_object["Credentials"]
-
-        client = session.client(
-            service_name,
-            aws_access_key_id=credentials["AccessKeyId"],
-            aws_secret_access_key=credentials["SecretAccessKey"],
-            aws_session_token=credentials["SessionToken"],
-        )
-    else:
-        client = session.client(
-            service_name,
-            aws_access_key_id=settings.AWS_ACCESS_KEY_ID,
-            aws_secret_access_key=settings.AWS_SECRET_ACCESS_KEY,
-        )
-
-    return client
+    return session.client(service_name)