[Cyberduck-trac] [Cyberduck] #10432: 403 Forbidden for requesting credentials from role based profile

Cyberduck trac at cyberduck.io
Tue Aug 21 11:40:20 UTC 2018


#10432: 403 Forbidden for requesting credentials from role based profile
-------------------------+------------------------
 Reporter:  ekent        |         Owner:  dkocher
     Type:  defect       |        Status:  new
 Priority:  normal       |     Milestone:
Component:  s3           |       Version:  6.7.0
 Severity:  normal       |    Resolution:
 Keywords:               |  Architecture:
 Platform:  macOS 10.12  |
-------------------------+------------------------

Comment (by dkocher):

 We try to obtain a new session token from AWS STS using the credentials in
 the AWS CLI profile named `DPMProdMaster-RO` but you suggest that we
 should just connect with the already given credentials saved in the
 profile. This happens because we detect the `DPMProdMaster-RO` profile to
 be a role based configuration (logged via `Configure credentials from role
 based profile DPMProdMaster-RO`) because we find the configuration option
 `role_arn` set. Please try to remove this property and only include
 `aws_access_key_id`, `aws_secret_access_key` and `aws_session_token` when
 generating the entry from your script.

--
Ticket URL: <https://trac.cyberduck.io/ticket/10432#comment:11>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows


More information about the Cyberduck-trac mailing list