[Cyberduck-trac] [Cyberduck] #10594: Temporary tokens (credentials from AWS STS) do not work with AWS GovCloud S3

Cyberduck trac at cyberduck.io
Mon Feb 4 18:41:33 UTC 2019


#10594: Temporary tokens (credentials from AWS STS) do not work with AWS GovCloud
S3
----------------------------+------------------------
 Reporter:  cduser          |         Owner:  dkocher
     Type:  defect          |        Status:  closed
 Priority:  high            |     Milestone:  6.9.3
Component:  s3              |       Version:  6.9.2
 Severity:  major           |    Resolution:  fixed
 Keywords:  s3 iam sts mfa  |  Architecture:
 Platform:  macOS 10.13     |
----------------------------+------------------------

Comment (by cduser):

 Replying to [comment:7 dkocher]:
 > A new snapshot build has now been published. Please comment on this
 ticket if the issue is resolved (or reopen) as we cannot fully test this
 ourselves.

 Hi dkocher,

 I can help with the testing. Unfortunately I'm still having issues, but
 its looking better.

 This is what I'm doing:

 I'm using the following profile:

 {{{
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
   ~ Copyright (c) 2002-2018 iterate GmbH. All rights reserved.
   ~ https://cyberduck.io/
   ~
   ~ This program is free software; you can redistribute it and/or modify
   ~ it under the terms of the GNU General Public License as published by
   ~ the Free Software Foundation, either version 3 of the License, or
   ~ (at your option) any later version.
   ~
   ~ This program is distributed in the hope that it will be useful,
   ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
   ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   ~ GNU General Public License for more details.
   -->

 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
 "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
     <dict>
         <key>Protocol</key>
         <string>s3</string>
         <key>Vendor</key>
         <string>s3-token</string>
         <key>Description</key>
         <string>S3 (Credentials from AWS Security Token Service)</string>
         <key>Default Nickname</key>
         <string>S3 (Credentials from AWS Security Token Service)</string>
         <key>Username Placeholder</key>
         <string>Profile Name in ~/.aws/credentials</string>
         <key>Password Configurable</key>
         <false/>
         <key>Token Configurable</key>
         <false/>
         <key>Anonymous Configurable</key>
         <false/>
         <key>Region</key>
         <string>us-gov-west-1</string>
     </dict>
 </plist>
 }}}

 When adding the profile to cyberduck I set''Server'' to ''s3-us-gov-
 west-1.amazonaws.com'' and ''Profile Name in ~/.aws/credentials'' to
 ''cyberduck''. I then get new temporary credentials from AWS and put them
 in my ~/.aws/credentials file like this:

 {{{
 [cyberduck]
 output = json
 region = us-gov-west-1
 aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
 aws_secret_access_key = KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
 aws_session_token =
 SSSSSSSSSSS//////////SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
 }}}

 When I double click on the the shortcut in cyberduck I see
 ''Authenticating as cyberduck'' in the lower left corner with a spinning
 icon, but it never connects. If I try to close cyberduck it gets locked up
 and I have to force quit. Is there a way to enable debug logs?

 Thank you for all your help and prompt response!

--
Ticket URL: <https://trac.cyberduck.io/ticket/10594#comment:8>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows


More information about the Cyberduck-trac mailing list