[Cyberduck-trac] [Cyberduck] #8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS

Cyberduck trac at cyberduck.io
Sat Feb 2 21:35:14 UTC 2019

#8880: Authentication using AWS AssumeRole and GetSessionToken with AWS STS
 Reporter:  tigris          |         Owner:  dkocher
     Type:  feature         |        Status:  closed
 Priority:  high            |     Milestone:  6.7.0
Component:  s3              |       Version:  4.7
 Severity:  normal          |    Resolution:  fixed
 Keywords:  s3 iam sts mfa  |  Architecture:  Intel
 Platform:  Mac OS X 10.10  |

Comment (by cduser):

 Replying to [comment:59 dkocher]:
 > Replying to [comment:56 cduser]:
 > > This credentials file configuration (previously mentioned by dt001)
 works perfectly with commercial S3 regions (server: s3.amazonaws.com,
 region: us-west-1) but not with AWS GovCloud (server: s3-us-gov-
 west-1.amazonaws.com, region: us-gov-west-1). I'm using s3-us-gov-
 west-1.amazonaws.com as the "Server" and cyberduck gets into a loop where
 it says "Authenticating as publish_profile" followed by "Login failed". I
 am using version 6.9.3. Any ideas?
 > >
 > > {{{
 > > [publish_profile]
 > > output = json
 > > region = us-gov-west-1
 > > aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
 > > aws_session_token =
 > > }}}
 > Can you confirm you use the ''AWS GovCloud connection profile'' from
 [https://cyberduck.io/s3/]. Please open a new ticket if the issue

 Hi dkocher,

 I tried using the AWS GovCloud connection profile
 The problem is that this profile doesn't seem to have the option to use
 ''S3(Credentials from AWS Security Token Service)''. It seems like to use
 a temporary token I need to use this other profile
 I tried adding the following config to the ''S3(Credentials from AWS
 Security Token Service)'' profile (to change the S3 URL) but didn't work
 (unless I'm missing something).

         <key>Default Port</key>
         <key>Default Hostname</key>

 Is there a way to support both ''AWS GovCloud '' and "S3 (Credentials from
 AWS Security Token Service)".


Ticket URL: <https://trac.cyberduck.io/ticket/8880#comment:62>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list