Clarify auth for S3 resources
Per an email from Christopher Harr:
All of the current servers have the IAM role:
prod-qidw.rsna.org
which have access to:
"Resource": [ "arn:aws:s3:::rsnaqidw", "arn:aws:s3:::rsnaqidw/", "arn:aws:s3:::rsnaqidw2", "arn:aws:s3:::rsnaqidw2/" ]
> (Full read/write)
However, the Girder instances at http://qidw.rsna.org/ and http://qidwstage.rsna.org/ are set up to access their S3 assetstore using credentials (Access key ID: AKIAJWHESPIIXZOHFQMQ). If IAM roles is the appropriate mechanism for authentication, we should switch and revoke the current Access key.
Edited by Brian Helba