[Cyberduck-trac] [Cyberduck] #8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS

Cyberduck trac at cyberduck.io
Sat Feb 2 21:19:15 UTC 2019

#8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS
 Reporter:  tigris          |         Owner:  dkocher
     Type:  feature         |        Status:  reopened
 Priority:  high            |     Milestone:  6.7.0
Component:  s3              |       Version:  4.7
 Severity:  normal          |    Resolution:
 Keywords:  s3 iam sts mfa  |  Architecture:  Intel
 Platform:  Mac OS X 10.10  |

Comment (by dkocher):

 Replying to [comment:56 cduser]:
 > This credentials file configuration (previously mentioned by dt001)
 works perfectly with commercial S3 regions (server: s3.amazonaws.com,
 region: us-west-1) but not with AWS GovCloud (server: s3-us-gov-
 west-1.amazonaws.com, region: us-gov-west-1). I'm using s3-us-gov-
 west-1.amazonaws.com as the "Server" and cyberduck gets into a loop where
 it says "Authenticating as publish_profile" followed by "Login failed". I
 am using version 6.9.3. Any ideas?
 > {{{
 > [publish_profile]
 > output = json
 > region = us-gov-west-1
 > aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
 > aws_session_token =
 > }}}

 Can you confirm you use the ''AWS GovCloud connection profile'' from
 [https://cyberduck.io/s3/]. Please open a new ticket if the issue

Ticket URL: <https://trac.cyberduck.io/ticket/8880#comment:59>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list