Cyberduck Mountain Duck CLI

#10988 closed defect (duplicate)

unable to access AWS S3 bucket using the STS connection profile for preconfigured settings

Reported by: saikarthikp Owned by:
Priority: high Milestone:
Component: s3 Version: 7.2.4
Severity: major Keywords:
Cc: Architecture:
Platform: Linux

Description

I am trying to access files in an S3 bucket by assuming a role from the ~/.aws/credentials file. The credential file contains a profile called test-user with a role arn specified.

I have downloaded the preconfigured .cyberduckprofile file for STS from https://cyberduck.io/s3/:

<?xml version="1.0" encoding="UTF-8"?>
<!…>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>Protocol</key>
        <string>s3</string>
        <key>Vendor</key>
        <string>s3-token</string>
        <key>Description</key>
        <string>S3 (Credentials from AWS Security Token Service)</string>
        <key>Default Nickname</key>
        <string>S3 (Credentials from AWS Security Token Service)</string>
        <key>Username Placeholder</key>
        <string>testuser</string>
        <key>Password Configurable</key>
        <false/>
        <key>Token Configurable</key>
        <false/>
        <key>Anonymous Configurable</key>
        <false/>
    </dict>
</plist>

I placed this file at /opt/duck/app/

I am trying to run the following command:

duck --list s3:/test-ecs-bucket-01/ --profile sts.cyberduckprofile --verbose

I get the following output:

S3 connection opened…
> GET /?versioning HTTP/1.1
> Date: Mon, 09 Mar 2020 17:04:56 GMT
> x-amz-request-payer: requester
> x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
> Host: test-ecs-bucket-01.s3.amazonaws.com
> x-amz-date: 20200309T170456Z
> Authorization: ********
> Connection: Keep-Alive
> User-Agent: Cyberduck/7.2.8-SNAPSHOT.32437 (Linux/4.14.165-131.185.amzn2.x86_64) (amd64)
< HTTP/1.1 400 Bad Request
< x-amz-request-id: 72E387F1284515E4
< x-amz-id-2: wXtPQM97Ti/koK6HlSc8KC/TRM3DaiXlRS/kYKAgIwMcaUlOf2xgwa6xPnjl4PByUnocBftaRPQ=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 09 Mar 2020 17:04:56 GMT
< Connection: close
< Server: AmazonS3
> GET /?encoding-type=url&max-keys=1000&prefix&delimiter=%2F HTTP/1.1
> Date: Mon, 09 Mar 2020 17:04:57 GMT
> x-amz-request-payer: requester
> x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
> Host: test-ecs-bucket-01.s3.amazonaws.com
> x-amz-date: 20200309T170457Z
> Authorization: ********
> Connection: Keep-Alive
> User-Agent: Cyberduck/7.2.8-SNAPSHOT.32437 (Linux/4.14.165-131.185.amzn2.x86_64) (amd64)
< HTTP/1.1 400 Bad Request
< x-amz-bucket-region: us-west-2
< x-amz-request-id: 22DD49F51B2F7CF7
< x-amz-id-2: hZrnwHQYYlsHwaRXL4tzmxibIlOIfQqT5JCMc+YWFuxlqmBSsutSCrWUCaKkNJChWGX+uYaQj3g=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 09 Mar 2020 17:04:57 GMT
< Connection: close
Disconnecting s3.amazonaws.com…

Listing directory test-ecs-bucket-01 failed. The authorization header is malformed; a non-empty Access Key (AKID) must be provided in the credential. Please contact your web hosting service provider for assistance.

Additional Information: I have tried this on Linux CentOS and Amazon Linux2 AMI on EC2 instances.

How can I debug this issue?

Change History (1)

comment:1 Changed on Mar 13, 2020 at 2:07:41 PM by dkocher

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate for #10989.

Note: See TracTickets for help on using tickets.