Mattermost, Inc.

S3 encryption at rest and VPC endpoint

Hi there -

I’m still evaluating Mattermost and have a couple of S3-related questions. I would like more clarification on the following points:

  • S3 Encryption

I’ve noticed that objects stored in S3 do not have the AES encryption flag enabled. AmazonS3SSL is set to True, but that only means the connection is made over HTTPS, not that the object is actually encrypted server-side. Is there a configuration setting I’m missing, or is this feature just not supported as of today?

  • S3 VPC endpoint

It looks like Mattermost does not work if you specify a VPC endpoint (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html) for S3. According to https://github.com/mattermost/platform/blob/f02620b291b988848392c455a7719699f6b5c00f/vendor/github.com/minio/minio-go/s3-endpoints.go, only public endpoints are supported. Am I missing something? A private S3 endpoint looks like com.amazonaws.us-west-2.s3.

  • Support IAM Role

Is it possible to use an IAM Role with S3 permissions instead of passing the AWS access/secret key in config.json?

Thanks

Thanks @mi1234 for the feedback!

We’d be thrilled to support each of these features!

We have recently opened a Help Wanted issue for S3 VPC endpoints.

For S3 encryption and supporting IAM role, would you be open to creating GitHub issues for them? We discussed it among devs and would be open to creating Help Wanted issues for the community to help with.