[Cyberduck-trac] [Cyberduck] #8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS

Cyberduck trac at cyberduck.io
Fri Feb 1 11:25:35 UTC 2019

#8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS
 Reporter:  tigris          |         Owner:  dkocher
     Type:  feature         |        Status:  reopened
 Priority:  high            |     Milestone:  6.7.0
Component:  s3              |       Version:  4.7
 Severity:  normal          |    Resolution:
 Keywords:  s3 iam sts mfa  |  Architecture:  Intel
 Platform:  Mac OS X 10.10  |

Comment (by cduser):

 Replying to [comment:57 fguerraz]:
 > Replying to [comment:56 cduser]:
 > > This credentials file configuration (previously mentioned by dt001)
 works perfectly with commercial S3 regions (server: s3.amazonaws.com,
 region: us-west-1) but not with AWS GovCloud (server: s3-us-gov-
 west-1.amazonaws.com, region: us-gov-west-1). I'm using s3-us-gov-
 west-1.amazonaws.com as the "Server" and cyberduck gets into a loop where
 it says "Authenticating as publish_profile" followed by "Login failed". I
 am using version 6.9.3. Any ideas?
 > >
 > Did you try us-gov-west-1 as a region in your credentials file? I guess
 the issue is that it tries to connect to the wrong STS endpoing which is
 built from that string.

 Hi fguerraz,

 Sorry. Yes I have in my credentials file us-gov-west-1 instead of us-
 west-1. I tried both, us-gov-west-1 fails (using the s3-us-gov-
 west-1.amazonaws.com server) and us-west-1 works (using the
 s3.amazonaws.com server). I'm going to edit my original comment to replace
 us-west-1 with us-gov-west-1.


Ticket URL: <https://trac.cyberduck.io/ticket/8880#comment:58>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list