jmeter - Performance Test - Upload dashboards to s3

Question

I wanted to upload my JMeter dashboards to s3. The JMeter tests are run in EC2 instances. I would like to use IAM roles instead of an access key to upload the dashboards to s3 for security reasons. I went through this page where files are uploaded using access key using HTTP requests. https://www.blazemeter.com/blog/how-to-handle-dynamic-aws-sigv4-in-jmeter-for-api-testing can the same be achieved through I am roles instead of access key or do I need to import java class to upload files using s3 client, instanceprofilecredentials provider, and processor

question from:https://stackoverflow.com/questions/65889898/performance-test-upload-dashboards-to-s3

Answer 1

Here is something you can try:

1. Create Role:

   aws iam create-role --role-name <PerfTest-EC2-Role-Name> --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow","Principal":{"Service": "ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'

2. Add Role to EC2 Instance Profile:

   aws iam add-role-to-instance-profile --instance-profile-name <JMeter-EC2-InstanceProfile-ID> --role-name <PerfTest-EC2-Role-Name>

3. Grant the Role S3 permissions:

   cat << EOF > BucketPolicy.json
   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Sid": "PublicReadGetObject",
               "Effect": "Allow",
               "Principal": "*",
               "Action": [
                   "s3:GetObject"
               ],
               "Resource": "arn:aws:s3:::<Bucket-Name>/*"
           },
           {
               "Sid": "ServiceRoleWriteObject",
               "Effect": "Allow",
               "Principal": {
                   "AWS": "arn:aws:iam::<Client-ID>:role/<PerfTest-EC2-Role-Name>"
               },
               "Action": [
                   "s3:DeleteObject",
                   "s3:PutObject"
               ],
               "Resource": "arn:aws:s3:::<Bucket-Name>/*"
           }
       ]
   }
   EOF
   
   aws s3api put-bucket-policy --bucket <Bucket-Name> --policy file://BucketPolicy.json 
   

If 2. above fails with Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1 you can look at this answer.