
support AWS credentials from IAM role (#23)

* remove validation for aws access keys

* read credentials from environment variables

* validation for aws region
Masashi Tomooka 5 months ago
parent
commit
648114958e
2 changed files with 22 additions and 12 deletions
  1. 20 10
      internal/oss/s3/s3_storage.go
  2. 2 2
      internal/types/app/config.go

+ 20 - 10
internal/oss/s3/s3_storage.go

@@ -21,20 +21,30 @@ type AWSS3Storage struct {
 }
 
 func NewAWSS3Storage(ak string, sk string, region string, bucket string) (oss.OSS, error) {
-	c, err := config.LoadDefaultConfig(
-		context.TODO(),
-		config.WithRegion(region),
-		config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
-			ak,
-			sk,
-			"",
-		)),
-	)
+	var cfg aws.Config
+	var err error
+
+	if ak == "" && sk == "" {
+		cfg, err = config.LoadDefaultConfig(
+			context.TODO(),
+			config.WithRegion(region),
+		)
+	} else {
+		cfg, err = config.LoadDefaultConfig(
+			context.TODO(),
+			config.WithRegion(region),
+			config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
+				ak,
+				sk,
+				"",
+			)),
+		)
+	}
 	if err != nil {
 		return nil, err
 	}
 
-	client := s3.NewFromConfig(c)
+	client := s3.NewFromConfig(cfg)
 
 	// check bucket
 	_, err = client.HeadBucket(context.TODO(), &s3.HeadBucketInput{
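Review bot: The `ak == "" && sk == ""` test sends a half-configured pair (only one of the access key or secret key set) into the static-credentials branch, and the Validate hunk in internal/types/app/config.go no longer rejects that case, so the mistake presumably surfaces only later as a credential or HeadBucket error that does not name the missing setting. Reject it explicitly before loading the config, e.g. `if (ak == "") != (sk == "") { return nil, errors.New("aws access key and secret key must be set together") }` (or the `fmt.Errorf` equivalent if that is what the file imports), and mirror the same check in Validate so it fails at startup. When both are empty, the SDK default chain uses whatever ambient credentials the process has (environment, shared config, instance or task role), so a comment or log line stating which credential source was selected would let operators confirm that the intended identity, and not a broader one, is reaching the bucket. NewAWSS3Storage continues past the end of the hunk.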

+ 2 - 2
internal/types/app/config.go

@@ -153,8 +153,8 @@ func (c *Config) Validate() error {
 			return fmt.Errorf("plugin storage bucket is empty")
 		}
 
-		if c.AWSAccessKey == "" || c.AWSSecretKey == "" || c.AWSRegion == "" {
-			return fmt.Errorf("aws access key, secret key or region is empty")
+		if c.AWSRegion == "" {
+			return fmt.Errorf("aws region is empty")
 		}
 	}