[Cyberduck-trac] [Cyberduck] #8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS
Cyberduck
trac at cyberduck.io
Sat Feb 2 21:35:14 UTC 2019
#8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS
----------------------------+------------------------
Reporter: tigris | Owner: dkocher
Type: feature | Status: closed
Priority: high | Milestone: 6.7.0
Component: s3 | Version: 4.7
Severity: normal | Resolution: fixed
Keywords: s3 iam sts mfa | Architecture: Intel
Platform: Mac OS X 10.10 |
----------------------------+------------------------
Comment (by cduser):
Replying to [comment:59 dkocher]:
> Replying to [comment:56 cduser]:
> > This credentials file configuration (previously mentioned by dt001)
works perfectly with commercial S3 regions (server: s3.amazonaws.com,
region: us-west-1) but not with AWS GovCloud (server: s3-us-gov-
west-1.amazonaws.com, region: us-gov-west-1). I'm using s3-us-gov-
west-1.amazonaws.com as the "Server" and cyberduck gets into a loop where
it says "Authenticating as publish_profile" followed by "Login failed". I
am using version 6.9.3. Any ideas?
> >
> > {{{
> > [publish_profile]
> > output = json
> > region = us-gov-west-1
> > aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
> > aws_secret_access_key = KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
> > aws_session_token =
SSSSSSSSSSS//////////SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS=
> > }}}
>
> Can you confirm you use the ''AWS GovCloud connection profile'' from
[https://cyberduck.io/s3/]. Please open a new ticket if the issue
persists.
Hi dkocher,
I tried using the AWS GovCloud connection profile
(https://svn.cyberduck.io/trunk/profiles/S3%20Gov%20Cloud.cyberduckprofile).
The problem is that this profile doesn't seem to have the option to use
''S3(Credentials from AWS Security Token Service)''. It seems like to use
a temporary token I need to use this other profile
(https://svn.cyberduck.io/trunk/profiles/S3%20(Credentials%20from%20AWS%20Security%20Token%20Service).cyberduckprofile).
I tried adding the following config to the ''S3(Credentials from AWS
Security Token Service)'' profile (to change the S3 URL) but didn't work
(unless I'm missing something).
{{{
<key>Default Port</key>
<string>443</string>
<key>Default Hostname</key>
<string>s3-us-gov-west-1.amazonaws.com</string>
}}}
Is there a way to support both ''AWS GovCloud '' and "S3 (Credentials from
AWS Security Token Service)".
Thanks!
--
Ticket URL: <https://trac.cyberduck.io/ticket/8880#comment:62>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list