[Cyberduck-trac] [Cyberduck] #10432: 403 Forbidden for requesting credentials from role based profile
Cyberduck
trac at cyberduck.io
Tue Aug 21 12:34:20 UTC 2018
#10432: 403 Forbidden for requesting credentials from role based profile
-------------------------+------------------------
Reporter: ekent | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: s3 | Version: 6.7.0
Severity: normal | Resolution:
Keywords: | Architecture:
Platform: macOS 10.12 |
-------------------------+------------------------
Comment (by ekent):
Ok, so this is how we are setup to work:
We run a script on terminal which authenticates us against company SSO,
and goes off to STS to retrieve the credentials (access key, secret key
and session token). These are then automatically placed in the
.aws/credentials file.
We then use a cross account role (DPMProdMaster-RO) to try to access the
S3 in a different account to the one which the credentials are for (works
for aws cli access), so we know that the credentials work, and that they
are capable of use with the cross account roles.
So we need a profile which will verify the existing session token and
credentials in the aws credentials file, and allow us to use a cross
account role with them.
Hope this makes sense!
--
Ticket URL: <https://trac.cyberduck.io/ticket/10432#comment:14>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list