[Cyberduck-trac] [Cyberduck] #10620: Add AWS session token field for S3 connections
Cyberduck
trac at cyberduck.io
Thu Mar 7 22:00:39 UTC 2019
#10620: Add AWS session token field for S3 connections
-------------------------------+-------------------------
Reporter: vwalveranta | Owner: dkocher
Type: feature | Status: assigned
Priority: normal | Milestone: 7.0
Component: s3 | Version: 6.9.3
Severity: normal | Resolution:
Keywords: MFA session token | Architecture:
Platform: |
-------------------------------+-------------------------
Comment (by vwalveranta):
Hello,
Confirmed! This form of implementation is a great approach as this way the
session credentials don't need to be coped into the connection profile
every time. Well done!
I would augment the documentation at
https://trac.cyberduck.io/wiki/help/en/howto/s3#ConnectingusingAssumeRolefromAWSSecurityTokenServiceSTS
under the subsection: "Read credentials from ~/.aws/credentials" to point
out that if an AWS MFA session credentials (not only a role session
credentials) are persisted in `~/.aws/credentials`, that MFA or role
session profile can be referred to directly, e.g. `myprofile-mfasession`
instead of `myprofile` (the `-mfasession` and `-rolessession` postfixes
are what my `awscli-mfa.sh` script, mentioned above, persists the MFA
sessions and MFA-enabled role session credentials as, but users can, of
course, name the MFA session profiles whichever way they like if they
acquire the MFA/role session manually with `awscli sts get-session-token`
command instead of using my utility script).
--
Ticket URL: <https://trac.cyberduck.io/ticket/10620#comment:8>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list