[Cyberduck-trac] [Cyberduck] #10594: Temporary tokens (credentials from AWS STS) do not work with AWS GovCloud S3
Cyberduck
trac at cyberduck.io
Mon Feb 4 18:41:33 UTC 2019
#10594: Temporary tokens (credentials from AWS STS) do not work with AWS GovCloud
S3
----------------------------+------------------------
Reporter: cduser | Owner: dkocher
Type: defect | Status: closed
Priority: high | Milestone: 6.9.3
Component: s3 | Version: 6.9.2
Severity: major | Resolution: fixed
Keywords: s3 iam sts mfa | Architecture:
Platform: macOS 10.13 |
----------------------------+------------------------
Comment (by cduser):
Replying to [comment:7 dkocher]:
> A new snapshot build has now been published. Please comment on this
ticket if the issue is resolved (or reopen) as we cannot fully test this
ourselves.
Hi dkocher,
I can help with the testing. Unfortunately I'm still having issues, but
its looking better.
This is what I'm doing:
I'm using the following profile:
{{{
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2002-2018 iterate GmbH. All rights reserved.
~ https://cyberduck.io/
~
~ This program is free software; you can redistribute it and/or modify
~ it under the terms of the GNU General Public License as published by
~ the Free Software Foundation, either version 3 of the License, or
~ (at your option) any later version.
~
~ This program is distributed in the hope that it will be useful,
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
~ GNU General Public License for more details.
-->
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Protocol</key>
<string>s3</string>
<key>Vendor</key>
<string>s3-token</string>
<key>Description</key>
<string>S3 (Credentials from AWS Security Token Service)</string>
<key>Default Nickname</key>
<string>S3 (Credentials from AWS Security Token Service)</string>
<key>Username Placeholder</key>
<string>Profile Name in ~/.aws/credentials</string>
<key>Password Configurable</key>
<false/>
<key>Token Configurable</key>
<false/>
<key>Anonymous Configurable</key>
<false/>
<key>Region</key>
<string>us-gov-west-1</string>
</dict>
</plist>
}}}
When adding the profile to cyberduck I set''Server'' to ''s3-us-gov-
west-1.amazonaws.com'' and ''Profile Name in ~/.aws/credentials'' to
''cyberduck''. I then get new temporary credentials from AWS and put them
in my ~/.aws/credentials file like this:
{{{
[cyberduck]
output = json
region = us-gov-west-1
aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key = KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
aws_session_token =
SSSSSSSSSSS//////////SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
}}}
When I double click on the the shortcut in cyberduck I see
''Authenticating as cyberduck'' in the lower left corner with a spinning
icon, but it never connects. If I try to close cyberduck it gets locked up
and I have to force quit. Is there a way to enable debug logs?
Thank you for all your help and prompt response!
--
Ticket URL: <https://trac.cyberduck.io/ticket/10594#comment:8>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list