[Cyberduck-trac] [Cyberduck] #10432: 403 Forbidden for requesting credentials from role based profile
Cyberduck
trac at cyberduck.io
Tue Aug 21 11:58:20 UTC 2018
#10432: 403 Forbidden for requesting credentials from role based profile
-------------------------+------------------------
Reporter: ekent | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: s3 | Version: 6.7.0
Severity: normal | Resolution:
Keywords: | Architecture:
Platform: macOS 10.12 |
-------------------------+------------------------
Comment (by ekent):
If I'm reading this right, you suggest we remove the profile
DPMProdMaster-RO and the role_arn from the credentials file?
The Access key, secret key and session token are usable for multiple roles
as they are cross account roles. Without a role defined, we would not be
able to specify which account we want to look at S3 for.
I've also tried removing the DPMProd... profile and added the role_arn
under the default profile also, however the error is still the same.
Using no role in the credentials file and specifying default in the
cyerduck profile config - I get listing directory denied (which is
expected).
The keys are for an authentication AWS account, which has access to assume
the role DPMProdMaster-RO, which is in another account.
Am I to assume that the nifty new temporary credentials feature does not
work with cross account/role based access?
--
Ticket URL: <https://trac.cyberduck.io/ticket/10432#comment:12>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list