[Cyberduck-trac] [Cyberduck] #9992: CyberDuck to support AWS profiles

Cyberduck trac at cyberduck.io
Tue Jun 27 11:05:12 UTC 2017 

#9992: CyberDuck to support AWS profiles
---------------------+----------------------
 Reporter:  raccoon  |         Owner:
     Type:  feature  |        Status:  new
 Priority:  normal   |     Milestone:
Component:  s3       |       Version:  6.0.1
 Severity:  normal   |    Resolution:
 Keywords:           |  Architecture:  Intel
 Platform:           |
---------------------+----------------------
Description changed by raccoon:

Old description:

> CyberDuck doesn't support assume role functionalities of AWS.
>
> So it means that accessKeyID and accessToken from centralised
> authentication
> account can't be used to access a bucket in a different account.
>
> AWS Sdks and aws cli for example support profiles nicely and more and
> more programs does it too.
> ex:
> awscli -profile "accountprod"
> awscli -profile "accountperf"
>
> Would be awesome if you could include this functionality, its actually
> part of AWS best practises.
> Basically , one checkbox to activate profile, and if checked, a new
> textbox to specify the profile that are usually stored in
> .aws/credentials
>
> example:
> [default]
> aws_access_key_id = AKIA....
> aws_secret_access_key =
>
> [profileprod]
> region=us-east-1
> role_arn=arn:aws:iam::1234567890:role/cross-account-access
> source_profile=default
>
> [profileperf]
> region=us-east-1
> role_arn=arn:aws:iam::0987654321:role/cross-account-access
> source_profile=default
>
> [profiletest]
> region=us-east-1
> role_arn=arn:aws:iam::010203040506:role/cross-account-access
> source_profile=default
>
> Thanks a lot.

New description:

 CyberDuck doesn't support assume role functionalities of AWS.

 So it means that accessKeyID and accessToken from centralised
 authentication
 account can't be used to access a bucket in a different account.

 AWS Sdks and aws cli for example support profiles nicely and more and more
 programs does it too.
 ex:[[BR]]

 {{{ awscli -profile "accountprod" }}}

 {{{ awscli -profile "accountperf" }}}

 Would be awesome if you could include this functionality, its actually
 part of AWS best practises.
 Basically , one checkbox to activate profile, and if checked, a new
 textbox to specify the profile that are usually stored in
 {{{ .aws/credentials }}}

 example:
 {{{
 [default]
 aws_access_key_id = AKIA....
 aws_secret_access_key =

 [profileprod]
 region=us-east-1
 role_arn=arn:aws:iam::1234567890:role/cross-account-access
 source_profile=default

 [profileperf]
 region=us-east-1
 role_arn=arn:aws:iam::0987654321:role/cross-account-access
 source_profile=default

 [profiletest]
 region=us-east-1
 role_arn=arn:aws:iam::010203040506:role/cross-account-access
 source_profile=default
 }}}
 Thanks a lot.

--

--
Ticket URL: <https://trac.cyberduck.io/ticket/9992#comment:1>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list