[Cyberduck-trac] [Cyberduck] #9992: CyberDuck to support AWS profiles
Cyberduck
trac at cyberduck.io
Tue Jun 27 11:05:12 UTC 2017
#9992: CyberDuck to support AWS profiles
---------------------+----------------------
Reporter: raccoon | Owner:
Type: feature | Status: new
Priority: normal | Milestone:
Component: s3 | Version: 6.0.1
Severity: normal | Resolution:
Keywords: | Architecture: Intel
Platform: |
---------------------+----------------------
Description changed by raccoon:
Old description:
> CyberDuck doesn't support assume role functionalities of AWS.
>
> So it means that accessKeyID and accessToken from centralised
> authentication
> account can't be used to access a bucket in a different account.
>
> AWS Sdks and aws cli for example support profiles nicely and more and
> more programs does it too.
> ex:
> awscli -profile "accountprod"
> awscli -profile "accountperf"
>
> Would be awesome if you could include this functionality, its actually
> part of AWS best practises.
> Basically , one checkbox to activate profile, and if checked, a new
> textbox to specify the profile that are usually stored in
> .aws/credentials
>
> example:
> [default]
> aws_access_key_id = AKIA....
> aws_secret_access_key =
>
> [profileprod]
> region=us-east-1
> role_arn=arn:aws:iam::1234567890:role/cross-account-access
> source_profile=default
>
> [profileperf]
> region=us-east-1
> role_arn=arn:aws:iam::0987654321:role/cross-account-access
> source_profile=default
>
> [profiletest]
> region=us-east-1
> role_arn=arn:aws:iam::010203040506:role/cross-account-access
> source_profile=default
>
> Thanks a lot.
New description:
CyberDuck doesn't support assume role functionalities of AWS.
So it means that accessKeyID and accessToken from centralised
authentication
account can't be used to access a bucket in a different account.
AWS Sdks and aws cli for example support profiles nicely and more and more
programs does it too.
ex:[[BR]]
{{{ awscli -profile "accountprod" }}}
{{{ awscli -profile "accountperf" }}}
Would be awesome if you could include this functionality, its actually
part of AWS best practises.
Basically , one checkbox to activate profile, and if checked, a new
textbox to specify the profile that are usually stored in
{{{ .aws/credentials }}}
example:
{{{
[default]
aws_access_key_id = AKIA....
aws_secret_access_key =
[profileprod]
region=us-east-1
role_arn=arn:aws:iam::1234567890:role/cross-account-access
source_profile=default
[profileperf]
region=us-east-1
role_arn=arn:aws:iam::0987654321:role/cross-account-access
source_profile=default
[profiletest]
region=us-east-1
role_arn=arn:aws:iam::010203040506:role/cross-account-access
source_profile=default
}}}
Thanks a lot.
--
--
Ticket URL: <https://trac.cyberduck.io/ticket/9992#comment:1>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list