<@ULVA73B9P> When I want an S3 bucket as cache sto...
# ask-marvinm
Marius Haberstock
08/22/2025, 3:58 PM@Marvin When I want an S3 bucket as cache storage for my flow runs, do I need to provide an aws secret key? what if i want prefect to use the role of the ec2 instance it is running on?
m
Marvin
08/22/2025, 3:59 PM✅ thought for 266.1 seconds
Marvin
08/22/2025, 4:03 PMShort answer: No — you don’t need to provide an AWS secret key. Prefect’s AWS integrations use boto3 under the hood, so they follow the standard AWS credential provider chain. If your flow runs on an EC2 instance with an attached IAM role (instance profile) that has S3 permissions, Prefect will use that role automatically as long as you don’t explicitly pass credentials.
What to set up
- Ensure the instance role has the necessary S3 permissions (e.g., s3:PutObject, s3:GetObject, s3:ListBucket for your bucket/prefix).
- If you’re running in a container on EC2/ECS/EKS, make sure the runtime can access its role credentials (IMDSv2 on EC2, task role on ECS, IRSA on EKS). boto3 will pick these up automatically.
Two easy ways to use S3 for results/caching in Prefect 3.x
1) Using RemoteFileSystem (no explicit AWS creds)
Copy code
from prefect import flow
from prefect.filesystems import RemoteFileSystem
s3_store = RemoteFileSystem(basepath="<s3://my-bucket/prefect/results/>")
@flow(result_storage=s3_store, persist_result=True)
def my_flow():
return "hello" Copy code
from prefect import flow
from prefect_aws.s3 import S3Bucket
# Do not pass AwsCredentials — boto3 will use the instance role
s3_store = S3Bucket(bucket_name="my-bucket", basepath="prefect/results/")
@flow(result_storage=s3_store, persist_result=True)
def my_flow():
return "hello"cache_policyresult_storageAwsCredentials