[Cyberduck-trac] [Cyberduck] #10594: Temporary tokens (credentials from AWS STS) do not work with AWS GovCloud S3

Cyberduck trac at cyberduck.io
Sun Feb 3 04:20:52 UTC 2019


#10594: Temporary tokens (credentials from AWS STS) do not work with AWS GovCloud
S3
-----------------------+----------------------------
    Reporter:  cduser  |      Owner:
        Type:  defect  |     Status:  new
    Priority:  high    |  Milestone:
   Component:  s3      |    Version:  6.9.2
    Severity:  major   |   Keywords:  s3 iam sts mfa
Architecture:          |   Platform:  macOS 10.13
-----------------------+----------------------------
 The ''S3(Credentials from AWS Security Token Service)'' profile (
 https://svn.cyberduck.io/trunk/profiles/S3%20(Credentials%20from%20AWS%20Security%20Token%20Service).cyberduckprofile)
 does not work with AWS GovCloud accounts. Cyberduck gets into a loop where
 it says "Authenticating as publish_profile" followed by "Login failed". I
 also tried using the ''AWS GovCloud'' profile
 (https://svn.cyberduck.io/trunk/profiles/S3%20Gov%20Cloud.cyberduckprofile),
 but it doesn't support temporary tokens. I also tried creating my own
 profile merging ''S3(Credentials from AWS Security Token Service)'' and
 ''AWS GovCloud'' but that didn't work either. Here is the custom profile I
 tried out:


 {{{
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
   ~ Copyright (c) 2002-2018 iterate GmbH. All rights reserved.
   ~ https://cyberduck.io/
   ~
   ~ This program is free software; you can redistribute it and/or modify
   ~ it under the terms of the GNU General Public License as published by
   ~ the Free Software Foundation, either version 3 of the License, or
   ~ (at your option) any later version.
   ~
   ~ This program is distributed in the hope that it will be useful,
   ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
   ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   ~ GNU General Public License for more details.
   -->

 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
 "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
     <dict>
         <key>Protocol</key>
         <string>s3</string>
         <key>Vendor</key>
         <string>s3-token</string>
         <key>Scheme</key>
         <string>https</string>
         <key>Description</key>
         <string>AWS GovCloud S3</string>
         <key>Default Port</key>
         <string>443</string>
         <key>Default Nickname</key>
         <string>AWS GovCloud S3</string>
         <key>Default Hostname</key>
         <string>s3-us-gov-west-1.amazonaws.com</string>
         <key>Username Placeholder</key>
         <string>Profile Name</string>
         <key>Password Configurable</key>
         <false/>
         <key>Token Configurable</key>
         <false/>
         <key>Anonymous Configurable</key>
         <false/>
         <key>Region</key>
         <string>us-gov-west-1</string>
     </dict>
 </plist>
 }}}

 This is the AWS credentials file I'm using:

 {{{
 [publish_profile]
 output = json
 region = us-gov-west-1
 aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
 aws_secret_access_key = KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
 aws_session_token =
 SSSSSSSSSSS//////////SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
 }}}


 Is there a way to support both ''AWS GovCloud'' and ''S3 (Credentials from
 AWS Security Token Service)'' at the same time?

 Thanks!

--
Ticket URL: <https://trac.cyberduck.io/ticket/10594>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
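
Added example, not part of the original ticket and not Cyberduck's code: a Python check that reads a shared credentials profile and a connection profile shaped like the two in the report, and flags a missing session token or a region/partition mismatch between them. The sample inputs are constructed placeholders, and the function names `partition` and `check` are hypothetical. It relies on the documented AWS convention that temporary (STS) access key IDs begin with ASIA.

```python
import configparser
import plistlib

# Constructed sample inputs modelled on the ticket; all key material is placeholder text.
CREDENTIALS = """\
[publish_profile]
region = us-gov-west-1
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = EXAMPLESECRETEXAMPLESECRETEXAMPLESECRET0
aws_session_token =
 EXAMPLETOKEN//////////EXAMPLETOKEN
"""
PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Protocol</key><string>s3</string>
<key>Vendor</key><string>s3-token</string>
<key>Default Hostname</key><string>s3-us-gov-west-1.amazonaws.com</string>
<key>Region</key><string>us-gov-west-1</string>
</dict></plist>"""


def partition(region):
    """Map a region name to its AWS partition."""
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    if region.startswith("cn-"):
        return "aws-cn"
    return "aws"


def check(credentials_text, profile_bytes, name):
    """Return findings for one credentials profile and one connection profile."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(credentials_text)
    cred = cfg[name]
    prof = plistlib.loads(profile_bytes)
    findings = []
    # A wrapped token is read as a continuation line; drop the embedded whitespace.
    token = "".join(cred.get("aws_session_token", "").split())
    if not token:
        findings.append("no aws_session_token: not temporary credentials")
    elif not cred.get("aws_access_key_id", "").startswith("ASIA"):
        findings.append("session token present but key id lacks the ASIA prefix")
    cred_region = cred.get("region", "")
    if partition(cred_region) != partition(prof.get("Region", "")):
        findings.append("credentials and connection profile are in different partitions")
    if cred_region and cred_region not in prof.get("Default Hostname", ""):
        findings.append("Default Hostname does not name the credentials region")
    return findings
```

An empty list means the two files agree with each other; it does not show whether the client signs requests against the GovCloud endpoint.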