From 4d3a3345b5f5a490b96f8b86033e6fa0e9ebe1f1 Mon Sep 17 00:00:00 2001
From: Marcus Stewart Hughes <hello@entirely.pro>
Date: Tue, 28 Feb 2017 12:23:50 +0000
Subject: [PATCH] If an IAM role is present, don't export AWS credentials.

---
 mysql-backup-s3/backup.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/mysql-backup-s3/backup.sh b/mysql-backup-s3/backup.sh
index 0d0c36a..9e19982 100644
--- a/mysql-backup-s3/backup.sh
+++ b/mysql-backup-s3/backup.sh
@@ -30,10 +30,12 @@ if [ "${MYSQL_PASSWORD}" == "**None**" ]; then
   exit 1
 fi
 
-# env vars needed for aws tools
-export AWS_ACCESS_KEY_ID=$S3_ACCESS_KEY_ID
-export AWS_SECRET_ACCESS_KEY=$S3_SECRET_ACCESS_KEY
-export AWS_DEFAULT_REGION=$S3_REGION
+if [ "${S3_IAMROLE}" != "true" ]; then
+  # env vars needed for aws tools - only if an IAM role is not used
+  export AWS_ACCESS_KEY_ID=$S3_ACCESS_KEY_ID
+  export AWS_SECRET_ACCESS_KEY=$S3_SECRET_ACCESS_KEY
+  export AWS_DEFAULT_REGION=$S3_REGION
+fi
 
 MYSQL_HOST_OPTS="-h $MYSQL_HOST -P $MYSQL_PORT -u$MYSQL_USER -p$MYSQL_PASSWORD"
 DUMP_START_TIME=$(date +"%Y-%m-%dT%H%M%SZ")