[Cyberduck-trac] [Cyberduck] #10432: 403 Forbidden for requesting credentials from role based profile

Cyberduck trac at cyberduck.io
Tue Aug 21 11:58:20 UTC 2018


#10432: 403 Forbidden for requesting credentials from role based profile
-------------------------+------------------------
 Reporter:  ekent        |         Owner:  dkocher
     Type:  defect       |        Status:  new
 Priority:  normal       |     Milestone:
Component:  s3           |       Version:  6.7.0
 Severity:  normal       |    Resolution:
 Keywords:               |  Architecture:
 Platform:  macOS 10.12  |
-------------------------+------------------------

Comment (by ekent):

 If I'm reading this right, you suggest we remove the profile
 DPMProdMaster-RO and the role_arn from the credentials file?
 The Access key, secret key and session token are usable for multiple roles
 as they are cross account roles. Without a role defined, we would not be
 able to specify which account we want to look at S3 for.
 I've also tried removing the DPMProd... profile and added the role_arn
 under the default profile also, however the error is still the same.

 Using no role in the credentials file and specifying default in the
 cyerduck profile config - I get listing directory denied (which is
 expected).
 The keys are for an authentication AWS account, which has access to assume
 the role DPMProdMaster-RO, which is in another account.
 Am I to assume that the nifty new temporary credentials feature does not
 work with cross account/role based access?

--
Ticket URL: <https://trac.cyberduck.io/ticket/10432#comment:12>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows


More information about the Cyberduck-trac mailing list