Changes between Initial Version and Version 1 of Ticket #10620, comment 5


Timestamp: Feb 17, 2019 9:44:59 PM (2 years ago)
Author: vwalveranta
  • Ticket #10620, comment 5

    initial v1  
    11One more thing :-)
    22
    3 How are the baseprofile MFA sessions actually applicable to Cyberduck? Basically, if you have a set of AWS credentials, an access_key_id, and secret_access_key, but the MFA is set to be required for that IAM user, those credentials are no good for anything (e.g., accessing S3 buckets the user has privileges for) unless they provide MFA session credentials.
     3How are the baseprofile MFA sessions actually applicable to Cyberduck? Basically, if you have a set of AWS credentials, an `aws_access_key_id`, and `aws_secret_access_key`, but the MFA is set to be required for that IAM user, those credentials are no good for anything (e.g., accessing S3 buckets the user has privileges for) unless they provide MFA session credentials.
    44
    55The process would then be like this:
    66
    7 1. In the aws CLI, the user starts an MFA session for their IAM account. AWS provides a new aws_access_key_id, aws_secret_access_key, and aws_session_token. My awscli-mfa.sh script can make this less painful.
    8 2. The user opens a client (currently Cloudberry Explorer or, hopefully, Cyberduck in the future :-) and enters the session credentials (including the aws_session_token) into the connection profile.
     71. In the aws CLI, the user starts an MFA session for their IAM account. AWS provides a new `aws_access_key_id`, `aws_secret_access_key`, and `aws_session_token`. My `awscli-mfa.sh` script can make this less painful.
     82. The user opens a client (currently Cloudberry Explorer or, hopefully, Cyberduck in the future :-) and enters the session credentials (including the `aws_session_token`) into the connection profile.
    993. The user connects normally to the S3 buckets their IAM account has the privileges for.
    10104. Once the session ends, the access ends (and the user has to create a new MFA session in the CLI and update the session credentials in the connection profile to reconnect).
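
The four-step flow in the comment above, as an added example that is not part of the ticket and is not taken from `awscli-mfa.sh`: step 1 uses the AWS CLI's `aws sts get-session-token`, and step 2 turns its output into a profile stanza carrying all three session values. The function names, the `mfa-session` profile name and the sample values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the ticket): MFA session credentials as a profile.

# Step 1: needs network access, a base profile and a real MFA code.
# Prints one line: AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken<TAB>Expiration
start_mfa_session() {  # args: base profile, MFA device ARN, 6-digit code
  aws sts get-session-token --profile "$1" \
    --serial-number "$2" --token-code "$3" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
    --output text
}

# Step 2: render the stanza that goes into the connection profile.
render_session_profile() {  # args: profile name, line from start_mfa_session
  tab=$(printf '\t')
  IFS=$tab read -r key secret token expires <<EOF
$2
EOF
  # Long-term IAM user keys start with AKIA, STS session keys with ASIA.
  # Rejecting anything else stops a base key being saved as a "session".
  case $key in
    ASIA*) ;;
    *) echo "refusing: access key is not a temporary session key" >&2
       return 1 ;;
  esac
  [ -n "$secret" ] && [ -n "$token" ] || {
    echo "refusing: secret key or session token missing" >&2
    return 1
  }
  printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
    "$1" "$key" "$secret"
  printf 'aws_session_token = %s\n# expires %s\n' "$token" "$expires"
}

# Write the stanza to a new file that only the owner can read.
save_session_profile() {  # args: profile name, credential line, output file
  stanza=$(render_session_profile "$1" "$2") || return 1
  ( umask 077; printf '%s\n' "$stanza" > "$3" )
}

# Constructed sample of the line start_mfa_session prints (not real credentials).
SAMPLE=$(printf 'ASIACONSTRUCTED00001\tconstructed-secret\tconstructed-token\t2019-02-18T09:44:59Z')
```

The `# expires` line records when step 4 applies: after that time the three values stop working and a new session has to be started.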