[Cyberduck-trac] [Cyberduck] #10989: unable to access AWS S3 bucket using the STS connection profile for preconfigured settings

Cyberduck trac at cyberduck.io
Mon Mar 9 17:20:46 UTC 2020


#10989: unable to access AWS S3 bucket using the STS connection profile for
preconfigured settings
----------------------------+-------------------
    Reporter:  saikarthikp  |      Owner:
        Type:  defect       |     Status:  new
    Priority:  high         |  Milestone:
   Component:  s3           |    Version:  7.2.4
    Severity:  major        |   Keywords:
Architecture:               |   Platform:  Linux
----------------------------+-------------------
 I am trying to access files in an S3 bucket by assuming a role from the
 ~/.aws/credentials file.
 The credential file contains a profile called test-user with a role arn
 specified.

 I have downloaded the preconfigured .cyberduckprofile file for STS from
 https://cyberduck.io/s3/:
 {{{
 <?xml version="1.0" encoding="UTF-8"?>
 <!…>

 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
 "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
     <dict>
         <key>Protocol</key>
         <string>s3</string>
         <key>Vendor</key>
         <string>s3-token</string>
         <key>Description</key>
         <string>S3 (Credentials from AWS Security Token Service)</string>
         <key>Default Nickname</key>
         <string>S3 (Credentials from AWS Security Token Service)</string>
         <key>Username Placeholder</key>
         <string>testuser</string>
         <key>Password Configurable</key>
         <false/>
         <key>Token Configurable</key>
         <false/>
         <key>Anonymous Configurable</key>
         <false/>
     </dict>
 </plist>
 }}}

 I placed this file at /opt/duck/app/

 I am trying to run the following command:
 {{{
 duck --list s3:/test-ecs-bucket-01/ --profile sts.cyberduckprofile
 --verbose
 }}}
 I get the following output:

 {{{
 S3 connection opened…
 > GET /?versioning HTTP/1.1
 > Date: Mon, 09 Mar 2020 17:04:56 GMT
 > x-amz-request-payer: requester
 > x-amz-content-sha256:
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
 > Host: test-ecs-bucket-01.s3.amazonaws.com
 > x-amz-date: 20200309T170456Z
 > Authorization: ********
 > Connection: Keep-Alive
 > User-Agent: Cyberduck/7.2.8-SNAPSHOT.32437
 (Linux/4.14.165-131.185.amzn2.x86_64) (amd64)
 < HTTP/1.1 400 Bad Request
 < x-amz-request-id: 72E387F1284515E4
 < x-amz-id-2:
 wXtPQM97Ti/koK6HlSc8KC/TRM3DaiXlRS/kYKAgIwMcaUlOf2xgwa6xPnjl4PByUnocBftaRPQ=
 < Content-Type: application/xml
 < Transfer-Encoding: chunked
 < Date: Mon, 09 Mar 2020 17:04:56 GMT
 < Connection: close
 < Server: AmazonS3
 > GET /?encoding-type=url&max-keys=1000&prefix&delimiter=%2F HTTP/1.1
 > Date: Mon, 09 Mar 2020 17:04:57 GMT
 > x-amz-request-payer: requester
 > x-amz-content-sha256:
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
 > Host: test-ecs-bucket-01.s3.amazonaws.com
 > x-amz-date: 20200309T170457Z
 > Authorization: ********
 > Connection: Keep-Alive
 > User-Agent: Cyberduck/7.2.8-SNAPSHOT.32437
 (Linux/4.14.165-131.185.amzn2.x86_64) (amd64)
 < HTTP/1.1 400 Bad Request
 < x-amz-bucket-region: us-west-2
 < x-amz-request-id: 22DD49F51B2F7CF7
 < x-amz-id-2:
 hZrnwHQYYlsHwaRXL4tzmxibIlOIfQqT5JCMc+YWFuxlqmBSsutSCrWUCaKkNJChWGX+uYaQj3g=
 < Content-Type: application/xml
 < Transfer-Encoding: chunked
 < Date: Mon, 09 Mar 2020 17:04:57 GMT
 < Connection: close
 Disconnecting s3.amazonaws.com…

 Listing directory test-ecs-bucket-01 failed. The authorization header is
 malformed; a non-empty Access Key (AKID) must be provided in the
 credential. Please contact your web hosting service provider for
 assistance.
 }}}

 Additional Information:
 I have tried this on Linux CentOS and Amazon Linux2 AMI on EC2 instances.

 How can I debug this issue?

--
Ticket URL: <https://trac.cyberduck.io/ticket/10989>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows


More information about the Cyberduck-trac mailing list