[Cyberduck-trac] [Cyberduck] #11229: AWS S3 AssumeRole doesn't use the external_id value

Cyberduck trac at cyberduck.io
Mon Nov 9 20:38:10 UTC 2020

#11229: AWS S3 AssumeRole doesn't use the external_id value
    Reporter:  VelociBison  |      Owner:
        Type:  defect       |     Status:  new
    Priority:  normal       |  Milestone:
   Component:  s3           |    Version:  7.6.2
    Severity:  normal       |   Keywords:
Architecture:  Intel        |   Platform:  Windows 10

 CyberDuck fails to do an AWS IAM AssumeRole when trying to use S3 because
 it doesn't pass along the external_id value from the ~/.aws/credtential

 I'm using CyberDuck to access AWS S3 resources using an AssumeRole action.
 I would like to be able to use the external_id enforcement as suggested by
 AWS https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-

 I'm not sure if you want to label this as a defect enhancement or feature.
 Feel free to adjust priority and severity as you see fit.

 When I remove the external_id constraint on the role the AssumeRole
 succeeds with CyberDuck.  I also verified using the same profile via the
 CLI with external_id enforced on the role and it succeeds so it looks to
 be an issue in CyberDuck.

 Thank you for your time and creating CyberDuck

Ticket URL: <https://trac.cyberduck.io/ticket/11229>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list