[Cyberduck-trac] [Cyberduck] #10432: 403 Forbidden for requesting credentials from role based profile
Cyberduck
trac at cyberduck.io
Tue Aug 21 12:22:56 UTC 2018
#10432: 403 Forbidden for requesting credentials from role based profile
-------------------------+------------------------
Reporter: ekent | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: s3 | Version: 6.7.0
Severity: normal | Resolution:
Keywords: | Architecture:
Platform: macOS 10.12 |
-------------------------+------------------------
Comment (by dkocher):
Cross account/role based access should work. Not sure if I can follow but
I want to clarify what we attempt in the different configuration
deployment scenarios:
* If a role based profile is found (with `role_arn`), we will issue a
`AssumeRoleRequest` request to STS to obtain credentials.
* For basic profiles we read `aws_access_key_id`, `aws_secret_access_key`
and `aws_session_token` and authenticate *without* STS.
* For basic profiles with no `aws_session_token` but `Token Configurable`
set in the connection profile we obtain the credentials using a
`GetSessionTokenRequest` from STS (we do not currently advertise such a
profile on [https://cyberduck.io/s3/])
--
Ticket URL: <https://trac.cyberduck.io/ticket/10432#comment:13>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
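
The three cases listed in the comment above, sketched as an added Python example (not Cyberduck's code, and not from the ticket). It classifies each section of a credentials file by the path the comment describes. The `incomplete` result and the fallback for static keys without `Token Configurable` are assumptions, and the sample file is constructed.

```python
import configparser

# Constructed sample in AWS credentials-file format; all values are placeholders.
SAMPLE = """\
[crossaccount]
role_arn = arn:aws:iam::111111111111:role/EXAMPLE-ROLE

[temporary]
aws_access_key_id = EXAMPLE_KEY_ID
aws_secret_access_key = EXAMPLE_SECRET
aws_session_token = EXAMPLE_TOKEN

[static]
aws_access_key_id = EXAMPLE_KEY_ID
aws_secret_access_key = EXAMPLE_SECRET

[broken]
aws_access_key_id = EXAMPLE_KEY_ID
"""

def classify(profile, token_configurable=False):
    """Return the credential path one profile section would take."""
    # Case 1: role based profile -> AssumeRole request to STS.
    if profile.get("role_arn"):
        return "STS AssumeRole"
    # Assumption: a basic profile missing either key is reported, not used.
    if not (profile.get("aws_access_key_id") and profile.get("aws_secret_access_key")):
        return "incomplete"
    # Case 2: basic profile with a session token -> used as-is, no STS call.
    if profile.get("aws_session_token"):
        return "static keys + session token, no STS"
    # Case 3: no token, but the connection profile sets Token Configurable.
    if token_configurable:
        return "STS GetSessionToken"
    # Assumption: plain static keys are also used without STS.
    return "static keys, no STS"

def plan(text, token_configurable=False):
    """Map every profile name in the file to its credential path."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' is literal
    parser.read_string(text)
    return {n: classify(parser[n], token_configurable) for n in parser.sections()}

if __name__ == "__main__":
    for name, path in plan(SAMPLE).items():
        print(f"{name}: {path}")
```

Knowing which path a profile takes helps narrow a 403 to either the STS request or the S3 request that follows it.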