From 0dbaea5e54c97dc6e903c53ce743755ef15aa6a9 Mon Sep 17 00:00:00 2001
From: Brad Davidson <brad.davidson@rancher.com>
Date: Wed, 15 Jan 2025 22:25:32 +0000
Subject: [PATCH] Add support for AWS shared credentials file

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
---
 pkg/etcd/s3/s3.go | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/pkg/etcd/s3/s3.go b/pkg/etcd/s3/s3.go
index 39ffecd2bc2e..9795eb19b9fd 100644
--- a/pkg/etcd/s3/s3.go
+++ b/pkg/etcd/s3/s3.go
@@ -199,14 +199,16 @@ func (c *Controller) GetClient(ctx context.Context, etcdS3 *config.EtcdS3) (*Cli
 		tr.Proxy = http.ProxyURL(u)
 	}
 
-	var creds *credentials.Credentials
-	if len(etcdS3.AccessKey) == 0 && len(etcdS3.SecretKey) == 0 {
-		creds = credentials.NewIAM("") // for running on ec2 instance
-		if _, err := creds.Get(); err != nil {
-			return nil, errors.Wrap(err, "failed to get IAM credentials")
-		}
-	} else {
-		creds = credentials.NewStaticV4(etcdS3.AccessKey, etcdS3.SecretKey, "")
+	creds := credentials.NewChainCredentials([]credentials.Provider{
+		credentials.NewStaticV4(etcdS3.AccessKey, etcdS3.SecretKey, ""),
+		credentials.NewFileAWSCredentials("", ""),
+		credentials.NewIAM(""),
+	})
+
+	if cval, err := creds.Get(); err != nil {
+		return nil, errors.Wrap(err, "failed to get credentials")
+	} else if cval.SignerType == credentials.SignatureAnonymous {
+		return nil, errors.New("all credential providers failed; cannot use anonymous")
 	}
 
 	opt := minio.Options{