[Cyberduck-trac] [Cyberduck] #11229: AssumeRole doesn't use the external_id value (was: AWS S3 AssumeRole doesn't use the external_id value)

Cyberduck trac at cyberduck.io
Mon Nov 9 22:03:06 UTC 2020 

#11229: AssumeRole doesn't use the external_id value
-------------------------+-------------------------
 Reporter:  VelociBison  |         Owner:  dkocher
     Type:  enhancement  |        Status:  assigned
 Priority:  normal       |     Milestone:  8.0
Component:  s3           |       Version:  7.6.2
 Severity:  normal       |    Resolution:
 Keywords:               |  Architecture:  Intel
 Platform:  Windows 10   |
-------------------------+-------------------------
Changes (by dkocher):

 * status:  new => assigned
 * milestone:   => 8.0
 * owner:   => dkocher
 * type:  defect => enhancement


Old description:

> Hello,
>
> CyberDuck fails to do an AWS IAM AssumeRole when trying to use S3 because
> it doesn't pass along the external_id value from the ~/.aws/credtential
> profile.
>
> I'm using CyberDuck to access AWS S3 resources using an AssumeRole
> action.  I would like to be able to use the external_id enforcement as
> suggested by AWS https://docs.aws.amazon.com/IAM/latest/UserGuide
> /id_roles_create_for-user_externalid.html
>
> I'm not sure if you want to label this as a defect enhancement or
> feature.  Feel free to adjust priority and severity as you see fit.
>
> When I remove the external_id constraint on the role the AssumeRole
> succeeds with CyberDuck.  I also verified using the same profile via the
> CLI with external_id enforced on the role and it succeeds so it looks to
> be an issue in CyberDuck.
>
> Thank you for your time and creating CyberDuck

New description:

 Hello,

 CyberDuck fails to do an AWS IAM AssumeRole when trying to use S3 because
 it doesn't pass along the external_id value from the ~/.aws/credential
 profile.

 I'm using CyberDuck to access AWS S3 resources using an AssumeRole action.
 I would like to be able to use the external_id enforcement as suggested by
 AWS https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-
 user_externalid.html

 I'm not sure if you want to label this as a defect enhancement or feature.
 Feel free to adjust priority and severity as you see fit.

 When I remove the external_id constraint on the role the AssumeRole
 succeeds with CyberDuck.  I also verified using the same profile via the
 CLI with external_id enforced on the role and it succeeds so it looks to
 be an issue in CyberDuck.

 Thank you for your time and creating CyberDuck

--

Comment:

 Thanks for reporting this issue.

--
Ticket URL: <https://trac.cyberduck.io/ticket/11229#comment:1>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list