[Cyberduck-trac] [Cyberduck] #10594: Temporary tokens (credentials from AWS STS) do not work with AWS GovCloud S3
Cyberduck
trac at cyberduck.io
Sun Feb 3 04:20:52 UTC 2019
#10594: Temporary tokens (credentials from AWS STS) do not work with AWS GovCloud S3
-----------------------+----------------------------
Reporter: cduser | Owner:
Type: defect | Status: new
Priority: high | Milestone:
Component: s3 | Version: 6.9.2
Severity: major | Keywords: s3 iam sts mfa
Architecture: | Platform: macOS 10.13
-----------------------+----------------------------
The ''S3 (Credentials from AWS Security Token Service)'' profile
(https://svn.cyberduck.io/trunk/profiles/S3%20(Credentials%20from%20AWS%20Security%20Token%20Service).cyberduckprofile)
does not work with AWS GovCloud accounts. Cyberduck gets into a loop where
it says "Authenticating as publish_profile" followed by "Login failed". I
also tried using the ''AWS GovCloud'' profile
(https://svn.cyberduck.io/trunk/profiles/S3%20Gov%20Cloud.cyberduckprofile),
but it doesn't support temporary tokens. I also tried creating my own
profile merging ''S3 (Credentials from AWS Security Token Service)'' and
''AWS GovCloud'', but that didn't work either. Here is the custom profile I
tried out:
{{{
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2002-2018 iterate GmbH. All rights reserved.
~ https://cyberduck.io/
~
~ This program is free software; you can redistribute it and/or modify
~ it under the terms of the GNU General Public License as published by
~ the Free Software Foundation, either version 3 of the License, or
~ (at your option) any later version.
~
~ This program is distributed in the hope that it will be useful,
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
~ GNU General Public License for more details.
-->
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Protocol</key>
<string>s3</string>
<key>Vendor</key>
<string>s3-token</string>
<key>Scheme</key>
<string>https</string>
<key>Description</key>
<string>AWS GovCloud S3</string>
<key>Default Port</key>
<string>443</string>
<key>Default Nickname</key>
<string>AWS GovCloud S3</string>
<key>Default Hostname</key>
<string>s3-us-gov-west-1.amazonaws.com</string>
<key>Username Placeholder</key>
<string>Profile Name</string>
<key>Password Configurable</key>
<false/>
<key>Token Configurable</key>
<false/>
<key>Anonymous Configurable</key>
<false/>
<key>Region</key>
<string>us-gov-west-1</string>
</dict>
</plist>
}}}
This is the AWS credentials file I'm using:
{{{
[publish_profile]
output = json
region = us-gov-west-1
aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key = KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
aws_session_token =
SSSSSSSSSSS//////////SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
}}}
Is there a way to support both ''AWS GovCloud'' and ''S3 (Credentials from
AWS Security Token Service)'' at the same time?
Thanks!
--
Ticket URL: <https://trac.cyberduck.io/ticket/10594>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
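
A pre-flight check for a credentials file like the one in this ticket, added here as an example (it is not Cyberduck's code and not a diagnosis of the reported failure): it confirms that the named profile parses, carries all three temporary-credential fields, and names a `us-gov-` region. The function name `check_profile` and the sample files are constructed for illustration, and the check assumes `region` is kept in the same file, as in the ticket.

```python
import configparser

REQUIRED = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")

def check_profile(text, profile):
    """Return a list of problems with `profile` in AWS credentials-file text."""
    parser = configparser.RawConfigParser()
    try:
        parser.read_string(text)
    except configparser.ParsingError as exc:
        # A value wrapped onto an unindented line is not a continuation.
        lines = ", ".join(str(n) for n, _ in exc.errors)
        return [f"cannot parse line(s) {lines}"]
    if not parser.has_section(profile):
        return [f"profile [{profile}] not found"]
    section = parser[profile]
    problems = [f"{key} is missing or empty"
                for key in REQUIRED if not section.get(key, "").strip()]
    region = section.get("region", "").strip()
    if not region.startswith("us-gov-"):
        problems.append(f"region {region!r} is not in the GovCloud partition")
    return problems

# Constructed samples; the key material is placeholder text, as in the ticket.
GOOD = """\
[publish_profile]
region = us-gov-west-1
aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key = KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
aws_session_token = SSSSSSSSSSS//////////SSSSSSSSSSSS
"""
# Same file with the token value pushed onto its own unindented line.
WRAPPED = GOOD.replace("aws_session_token = ", "aws_session_token =\n")
NO_TOKEN = GOOD.replace("aws_session_token = SSSSSSSSSSS//////////SSSSSSSSSSSS\n", "")
COMMERCIAL = GOOD.replace("us-gov-west-1", "us-east-1")

if __name__ == "__main__":
    for name, text in [("good", GOOD), ("wrapped", WRAPPED),
                       ("no token", NO_TOKEN), ("commercial", COMMERCIAL)]:
        print(name, "->", check_profile(text, "publish_profile") or "ok")
```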