[Cyberduck-trac] [Cyberduck] #8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS
Cyberduck
trac at cyberduck.io
Tue May 1 12:11:01 UTC 2018
#8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS
----------------------------+-------------------------
Reporter: tigris | Owner: dkocher
Type: feature | Status: assigned
Priority: high | Milestone: 7.0
Component: s3 | Version: 4.7
Severity: normal | Resolution:
Keywords: s3 iam sts mfa | Architecture: Intel
Platform: Mac OS X 10.10 |
----------------------------+-------------------------
Comment (by dkocher):
Thanks everyone for the input provided!
As we are not accustomed ourselves to using session tokens, we would love
to get some feedback if requirements are met when we implement this with
the following constraints:
* Read AWS credential profiles file from the default location
(`~/.aws/credentials`). We already do this – note the AWS access key being
set when you add a new bookmark and set the protocol to S3.
* If the AWS Access Key set in the bookmark matches, read the session
token.
* We use the default profile "default" unless a custom profile name is
set in the connection profile using the key `Context`. Refer to
[https://trac.cyberduck.io/wiki/help/en/howto/profiles Profiles].
* When `Context`is set to an URL, the session token is retrieved from the
EC2 instance metadata service (already
[https://trac.cyberduck.io/wiki/help/en/howto/s3#ConnectingwithtemporaryaccesscredentialsTokenfromEC2
supported]).
--
Ticket URL: <https://trac.cyberduck.io/ticket/8880#comment:34>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list