Temporary tokens (credentials from AWS STS) do not work with AWS GovCloud S3 #10594

Closed
cyberduck opened this issue Feb 3, 2019 · 10 comments
Labels
bug fixed high priority s3 AWS S3 Protocol Implementation
Comments

@cyberduck
Collaborator

e51fc8f created the issue

The S3 (Credentials from AWS Security Token Service) profile (https://svn.cyberduck.io/trunk/profiles/S3%20(Credentials%20from%20AWS%20Security%20Token%20Service).cyberduckprofile) does not work with AWS GovCloud accounts. Cyberduck gets into a loop where it says "Authenticating as publish_profile" followed by "Login failed". I also tried using the AWS GovCloud profile (https://svn.cyberduck.io/trunk/profiles/S3%20Gov%20Cloud.cyberduckprofile), but it doesn't support temporary tokens. I also tried creating my own profile merging 'S3 (Credentials from AWS Security Token Service)' and 'AWS GovCloud', but that didn't work either. Here is the custom profile I tried out:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright (c) 2002-2018 iterate GmbH. All rights reserved.
  ~ https://cyberduck.io/
  ~
  ~ This program is free software; you can redistribute it and/or modify
  ~ it under the terms of the GNU General Public License as published by
  ~ the Free Software Foundation, either version 3 of the License, or
  ~ (at your option) any later version.
  ~
  ~ This program is distributed in the hope that it will be useful,
  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  ~ GNU General Public License for more details.
  -->

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>Protocol</key>
        <string>s3</string>
        <key>Vendor</key>
        <string>s3-token</string>
        <key>Scheme</key>
        <string>https</string>
        <key>Description</key>
        <string>AWS GovCloud S3</string>
        <key>Default Port</key>
        <string>443</string>
        <key>Default Nickname</key>
        <string>AWS GovCloud S3</string>
        <key>Default Hostname</key>
        <string>s3-us-gov-west-1.amazonaws.com</string>
        <key>Username Placeholder</key>
        <string>Profile Name</string>
        <key>Password Configurable</key>
        <false/>
        <key>Token Configurable</key>
        <false/>
        <key>Anonymous Configurable</key>
        <false/>
        <key>Region</key>
        <string>us-gov-west-1</string>
    </dict>
</plist>

This is the AWS credentials file I'm using:

[publish_profile]
output = json
region = us-gov-west-1
aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key = KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
aws_session_token = SSSSSSSSSS_//_////SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS

Is there a way to support both AWS GovCloud and S3 (Credentials from AWS Security Token Service) at the same time?

Thanks!

@cyberduck
Collaborator Author

@dkocher commented

The auto configuration from ~/aws/credentials is currently only triggered when the hostname defaults to s3.amazonaws.com.

@cyberduck
Collaborator Author

e51fc8f commented

Thanks for checking! I also want to mention that there are now 2 GovCloud regions with different endpoints:

s3-us-gov-west-1.amazonaws.com
s3.us-gov-east-1.amazonaws.com

@cyberduck
Collaborator Author

@ylangisc commented

Fixed in 43fbb35.

@cyberduck
Collaborator Author

e51fc8f commented

Replying to [comment:4 yla]:

Fixed in 43fbb35.

Thanks a lot! Two questions:

  1. When will the update make it to a snapshot release?
  2. Is there a way to configure a default value for the Profile Name in ~/.aws/credentials in the .cyberduckprofile file?

Thanks!

@cyberduck
Collaborator Author

@dkocher commented

Replying to [comment:3 cduser]:

Thanks for checking! I also want to mention that there are now 2 GovCloud regions with different endpoints:

s3-us-gov-west-1.amazonaws.com
s3.us-gov-east-1.amazonaws.com

Added profile in 7d0edce.

@cyberduck
Collaborator Author

@dkocher commented

A new snapshot build has now been published. Please comment on this ticket if the issue is resolved (or reopen) as we cannot fully test this ourselves.

@cyberduck
Collaborator Author

e51fc8f commented

Replying to [comment:7 dkocher]:

A new snapshot build has now been published. Please comment on this ticket if the issue is resolved (or reopen) as we cannot fully test this ourselves.

Hi dkocher,

I can help with the testing. Unfortunately I'm still having issues, but it's looking better.

This is what I'm doing:

I'm using the following profile:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright (c) 2002-2018 iterate GmbH. All rights reserved.
  ~ https://cyberduck.io/
  ~
  ~ This program is free software; you can redistribute it and/or modify
  ~ it under the terms of the GNU General Public License as published by
  ~ the Free Software Foundation, either version 3 of the License, or
  ~ (at your option) any later version.
  ~
  ~ This program is distributed in the hope that it will be useful,
  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  ~ GNU General Public License for more details.
  -->

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>Protocol</key>
        <string>s3</string>
        <key>Vendor</key>
        <string>s3-token</string>
        <key>Description</key>
        <string>S3 (Credentials from AWS Security Token Service)</string>
        <key>Default Nickname</key>
        <string>S3 (Credentials from AWS Security Token Service)</string>
        <key>Username Placeholder</key>
        <string>Profile Name in ~/.aws/credentials</string>
        <key>Password Configurable</key>
        <false/>
        <key>Token Configurable</key>
        <false/>
        <key>Anonymous Configurable</key>
        <false/>
        <key>Region</key>
        <string>us-gov-west-1</string>
    </dict>
</plist>

When adding the profile to Cyberduck I set Server to s3-us-gov-west-1.amazonaws.com and Profile Name in ~/.aws/credentials to cyberduck. I then get new temporary credentials from AWS and put them in my ~/.aws/credentials file like this:

[cyberduck]
output = json
region = us-gov-west-1
aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key = KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
aws_session_token = SSSSSSSSSS_//_////SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS

When I double click on the shortcut in Cyberduck I see Authenticating as cyberduck in the lower left corner with a spinning icon, but it never connects. If I try to close Cyberduck it gets locked up and I have to force quit. Is there a way to enable debug logs?

Thank you for all your help and prompt response!

@cyberduck
Collaborator Author

@dkocher commented

The error I can reproduce here is

<?xml version="1.0" encoding="UTF-8"?><Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'us-gov-west-1' is wrong; expecting 'us-east-1'</Message><Region>us-east-1</Region><RequestId>6DC92B83F187052E</RequestId><HostId>/i/KpB+I0jY/luCGm6wHoW5YJjdxMYTknIMe9rYtCMInebV+rJBtiI8b9sK7NXfOzS+n0wuMUTQ=</HostId></Error>
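As an added example (not Cyberduck's code, which is Java, and not the fix referenced in this ticket), the following Python ties together the two mechanisms discussed in this thread: dkocher's point that the ~/.aws/credentials auto-configuration was keyed on the s3.amazonaws.com hostname, and the AuthorizationHeaderMalformed error above, which a server returns when the region in the SigV4 credential scope does not match the endpoint's region. It loads a named profile (including the aws_session_token that STS credentials require), derives the signing region from both GovCloud endpoint styles named in the thread, signs a request with the x-amz-security-token header, and then applies the same scope-versus-endpoint check the server does. The credentials file contents, the placeholder keys and the endpoint regular expression are constructed for this example.

```python
"""Added example: STS profile loading, endpoint-to-region mapping and a
SigV4 credential-scope check. Not Cyberduck's code; inputs are constructed."""
import configparser
import datetime as dt
import hashlib
import hmac
import re

# Constructed credentials file modelled on the ticket; keys are placeholders.
CREDENTIALS_FILE = """
[cyberduck]
output = json
region = us-gov-west-1
aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key = KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
aws_session_token = SSSSSSSSSSSSSSSSSSSS
"""

# Assumed pattern covering s3-<region> and s3.<region> host styles (GovCloud uses both).
ENDPOINT_RE = re.compile(
    r"^s3[.-](?P<region>[a-z]{2}(?:-gov)?-[a-z]+-\d)\.amazonaws\.com$")
SCOPE_RE = re.compile(r"Credential=[^/]+/\d{8}/(?P<region>[^/]+)/s3/aws4_request")


def load_profile(text, name):
    """Return access key, secret key and (optional) session token for a profile."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    if name not in cp:
        raise KeyError(f"profile {name!r} not found in credentials file")
    section = cp[name]
    return {
        "access_key": section["aws_access_key_id"],
        "secret_key": section["aws_secret_access_key"],
        "session_token": section.get("aws_session_token"),  # None for long-lived keys
    }


def region_for_endpoint(hostname):
    """Map an S3 endpoint hostname to its SigV4 signing region.
    The global endpoint signs as us-east-1; regional hosts carry the region."""
    if hostname == "s3.amazonaws.com":
        return "us-east-1"
    m = ENDPOINT_RE.match(hostname)
    if not m:
        raise ValueError(f"not a recognised S3 endpoint: {hostname}")
    return m.group("region")


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_headers(creds, hostname, method="GET", path="/", when=None, region=None):
    """Sign an empty-body S3 request. `region` overrides the endpoint-derived
    region so a mismatched scope (the ticket's regression) can be reproduced."""
    region = region or region_for_endpoint(hostname)
    when = when or dt.datetime.now(dt.timezone.utc)
    amz_date, date = when.strftime("%Y%m%dT%H%M%SZ"), when.strftime("%Y%m%d")
    payload_hash = hashlib.sha256(b"").hexdigest()
    headers = {"host": hostname, "x-amz-content-sha256": payload_hash,
               "x-amz-date": amz_date}
    if creds["session_token"]:
        # Temporary credentials are only valid together with their token.
        headers["x-amz-security-token"] = creds["session_token"]
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        method, path, "",
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, payload_hash])
    scope = f"{date}/{region}/s3/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical.encode()).hexdigest()])
    key = _hmac(("AWS4" + creds["secret_key"]).encode(), date)
    for part in (region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={creds['access_key']}/{scope}, "
                                f"SignedHeaders={signed}, Signature={signature}")
    return headers


def check_scope_region(headers, hostname):
    """The server-side check behind AuthorizationHeaderMalformed:
    returns (ok, expected_region, region_in_scope)."""
    expected = region_for_endpoint(hostname)
    m = SCOPE_RE.search(headers.get("authorization", ""))
    got = m.group("region") if m else None
    return got == expected, expected, got


if __name__ == "__main__":
    creds = load_profile(CREDENTIALS_FILE, "cyberduck")
    good = sigv4_headers(creds, "s3-us-gov-west-1.amazonaws.com")
    print(check_scope_region(good, "s3-us-gov-west-1.amazonaws.com"))
    # Signing a us-east-1 endpoint with a hard-coded GovCloud region reproduces the error.
    bad = sigv4_headers(creds, "s3.amazonaws.com", region="us-gov-west-1")
    print(check_scope_region(bad, "s3.amazonaws.com"))
```

The check is the one the error message describes: with the endpoint set to s3.amazonaws.com but the scope region pinned to us-gov-west-1, the second call reports expected us-east-1 and got us-gov-west-1. Keying region selection on the endpoint rather than on a fixed profile value is what keeps both GovCloud host styles and the global endpoint consistent.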

@cyberduck
Collaborator Author

@dkocher commented

Fix regression in ab5c312.

@cyberduck
Collaborator Author

e51fc8f commented

Replying to [comment:11 dkocher]:

Fix regression in ab5c312.

Great! The AWS GovCloud S3 login issues are fixed. I can now log in (using the configuration in the credentials file) and see the directory listing. Unfortunately I run into an error when trying to download files or directories. Since I get the same error using the normal access keys, I created a new ticket #10596.

Thanks!

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021