Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

unable to access AWS S3 bucket using the STS connection profile for preconfigured settings #10988

Closed
cyberduck opened this issue Mar 9, 2020 · 1 comment
Labels
bug duplicate high priority s3 AWS S3 Protocol Implementation

Comments

@cyberduck
Copy link
Collaborator

b96ee3e created the issue

I am trying to access files in an S3 bucket by assuming a role from the ~/.aws/credentials file.
The credential file contains a profile called test-user with a role arn specified.

I have downloaded the preconfigured .cyberduckprofile file for STS from https://cyberduck.io/s3/:

<?xml version="1.0" encoding="UTF-8"?>
<!…>

<!DOCTYPE plist PUBLIC "_Apple_DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>Protocol</key>
        <string>s3</string>
        <key>Vendor</key>
        <string>s3-token</string>
        <key>Description</key>
        <string>S3 (Credentials from AWS Security Token Service)</string>
        <key>Default Nickname</key>
        <string>S3 (Credentials from AWS Security Token Service)</string>
        <key>Username Placeholder</key>
        <string>testuser</string>
        <key>Password Configurable</key>
        <false/>
        <key>Token Configurable</key>
        <false/>
        <key>Anonymous Configurable</key>
        <false/>
    </dict>
</plist>

I placed this file at /opt/duck/app/

I am trying to run the following command:

duck --list s3:/test-ecs-bucket-01/ --profile sts.cyberduckprofile --verbose

I get the following output:

S3 connection opened…
> GET /?versioning HTTP/1.1
> Date: Mon, 09 Mar 2020 17:04:56 GMT
> x-amz-request-payer: requester
> x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
> Host: test-ecs-bucket-01.s3.amazonaws.com
> x-amz-date: 20200309T170456Z
> Authorization: ********
> Connection: Keep-Alive
> User-Agent: Cyberduck/7.2.8-SNAPSHOT.32437 (Linux/4.14.165-131.185.amzn2.x86_64) (amd64)
< HTTP/1.1 400 Bad Request
< x-amz-request-id: 72E387F1284515E4
< x-amz-id-2: wXtPQM97Ti/koK6HlSc8KC/TRM3DaiXlRS/kYKAgIwMcaUlOf2xgwa6xPnjl4PByUnocBftaRPQ=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 09 Mar 2020 17:04:56 GMT
< Connection: close
< Server: AmazonS3
> GET /?encoding-type=url&max-keys=1000&prefix&delimiter=%2F HTTP/1.1
> Date: Mon, 09 Mar 2020 17:04:57 GMT
> x-amz-request-payer: requester
> x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
> Host: test-ecs-bucket-01.s3.amazonaws.com
> x-amz-date: 20200309T170457Z
> Authorization: ********
> Connection: Keep-Alive
> User-Agent: Cyberduck/7.2.8-SNAPSHOT.32437 (Linux/4.14.165-131.185.amzn2.x86_64) (amd64)
< HTTP/1.1 400 Bad Request
< x-amz-bucket-region: us-west-2
< x-amz-request-id: 22DD49F51B2F7CF7
< x-amz-id-2: hZrnwHQYYlsHwaRXL4tzmxibIlOIfQqT5JCMc+YWFuxlqmBSsutSCrWUCaKkNJChWGX+uYaQj3g=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Mon, 09 Mar 2020 17:04:57 GMT
< Connection: close
Disconnecting s3.amazonaws.com…

Listing directory test-ecs-bucket-01 failed. The authorization header is malformed; a non-empty Access Key (AKID) must be provided in the credential. Please contact your web hosting service provider for assistance.

Additional Information:
I have tried this on Linux CentOS and Amazon Linux2 AMI on EC2 instances.

How can I debug this issue?

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Duplicate for #10989.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 27, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug duplicate high priority s3 AWS S3 Protocol Implementation
Projects
None yet
Development

No branches or pull requests

1 participant