[Cyberduck-trac] [Cyberduck] #10988: unable to access AWS S3 bucket using the STS connection profile for preconfigured settings
Cyberduck
trac at cyberduck.io
Mon Mar 9 17:20:45 UTC 2020
#10988: unable to access AWS S3 bucket using the STS connection profile for
preconfigured settings
----------------------------+-------------------
Reporter: saikarthikp | Owner:
Type: defect | Status: new
Priority: high | Milestone:
Component: s3 | Version: 7.2.4
Severity: major | Keywords:
Architecture: | Platform: Linux
----------------------------+-------------------
I am trying to access files in an S3 bucket by assuming a role from the
~/.aws/credentials file.
The credential file contains a profile called test-user with a role arn
specified.
I have downloaded the preconfigured .cyberduckprofile file for STS from
https://cyberduck.io/s3/:
{{{
<?xml version="1.0" encoding="UTF-8"?>
<!…>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Protocol</key>
<string>s3</string>
<key>Vendor</key>
<string>s3-token</string>
<key>Description</key>
<string>S3 (Credentials from AWS Security Token Service)</string>
<key>Default Nickname</key>
<string>S3 (Credentials from AWS Security Token Service)</string>
<key>Username Placeholder</key>
<string>testuser</string>
<key>Password Configurable</key>
<false/>
<key>Token Configurable</key>
<false/>
<key>Anonymous Configurable</key>
<false/>
</dict>
</plist>
}}}
I placed this file at /opt/duck/app/
I am trying to run the following command:
{{{
duck --list s3:/test-ecs-bucket-01/ --profile sts.cyberduckprofile
--verbose
}}}
I get the following output:
{{{
S3 connection opened…
> GET /?versioning HTTP/1.1
> Date: Mon, 09 Mar 2020 17:04:56 GMT
> x-amz-request-payer: requester
> x-amz-content-sha256:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
> Host: test-ecs-bucket-01.s3.amazonaws.com
> x-amz-date: 20200309T170456Z
> Authorization: ********
> Connection: Keep-Alive
> User-Agent: Cyberduck/7.2.8-SNAPSHOT.32437
(Linux/4.14.165-131.185.amzn2.x86_64) (amd64)
< HTTP/1.1 400 Bad Request
< x-amz-request-id: 72E387F1284515E4
< x-amz-id-2:
wXtPQM97Ti/koK6HlSc8KC/TRM3DaiXlRS/kYKAgIwMcaUlOf2xgwa6xPnjl4PByUnocBftaRPQ=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 09 Mar 2020 17:04:56 GMT
< Connection: close
< Server: AmazonS3
> GET /?encoding-type=url&max-keys=1000&prefix&delimiter=%2F HTTP/1.1
> Date: Mon, 09 Mar 2020 17:04:57 GMT
> x-amz-request-payer: requester
> x-amz-content-sha256:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
> Host: test-ecs-bucket-01.s3.amazonaws.com
> x-amz-date: 20200309T170457Z
> Authorization: ********
> Connection: Keep-Alive
> User-Agent: Cyberduck/7.2.8-SNAPSHOT.32437
(Linux/4.14.165-131.185.amzn2.x86_64) (amd64)
< HTTP/1.1 400 Bad Request
< x-amz-bucket-region: us-west-2
< x-amz-request-id: 22DD49F51B2F7CF7
< x-amz-id-2:
hZrnwHQYYlsHwaRXL4tzmxibIlOIfQqT5JCMc+YWFuxlqmBSsutSCrWUCaKkNJChWGX+uYaQj3g=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 09 Mar 2020 17:04:57 GMT
< Connection: close
Disconnecting s3.amazonaws.com…
Listing directory test-ecs-bucket-01 failed. The authorization header is
malformed; a non-empty Access Key (AKID) must be provided in the
credential. Please contact your web hosting service provider for
assistance.
}}}
Additional Information:
I have tried this on Linux CentOS and Amazon Linux2 AMI on EC2 instances.
How can I debug this issue?
--
Ticket URL: <https://trac.cyberduck.io/ticket/10988>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list