[Cyberduck-trac] [Cyberduck] #10432: 403 Forbidden for requesting credentials from role based profile

[Cyberduck]

#10432: 403 Forbidden for requesting credentials from role based profile
-------------------------+------------------------
 Reporter:  ekent        |         Owner:  dkocher
     Type:  defect       |        Status:  new
 Priority:  normal       |     Milestone:
Component:  s3           |       Version:  6.7.0
 Severity:  normal       |    Resolution:
 Keywords:               |  Architecture:
 Platform:  macOS 10.12  |
-------------------------+------------------------

Comment (by ekent):

 Ok, so this is how we are setup to work:
 We run a script on terminal which authenticates us against company SSO,
 and goes off to STS to retrieve the credentials (access key, secret key
 and session token). These are then automatically placed in the
 .aws/credentials file.
 We then use a cross account role (DPMProdMaster-RO) to try to access the
 S3 in a different account to the one which the credentials are for (works
 for aws cli access), so we know that the credentials work, and that they
 are capable of use with the cross account roles.
 So we need a profile which will verify the existing session token and
 credentials in the aws credentials file, and allow us to use a cross
 account role with them.
 Hope this makes sense!

--
Ticket URL: <https://trac.cyberduck.io/ticket/10432#comment:14>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows