Cyberduck Mountain Duck CLI

Changes between Initial Version and Version 25 of Ticket #8880


Ignore:
Timestamp:
Dec 13, 2017 11:49:57 PM (2 years ago)
Author:
mjcsb
Comment:

I also need this.

What would be AWESOME: instead of collecting the access_key_id and secret_key, you instead would collect the $AWS_DEFAULT_PROFILE or "--profile" as used in aws s3 CLI commands, so if we have configured awscli to use roles via lines in ~/.aws/config, this would simply work without having to double-enter the data in two locations.

Happy if you provide an option to both store inside Cyberduck AND if not stored internally, attempt to lookup the profile inside ~/.aws/* too.

But, AWS best practice for the last few years has been to use role assumption in any multi-account scenario, and they've been pushing multi-account at the enterprise level also for a few years, so I think you need to prioritize this - it seems to have been a request for years now.

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #8880

    • Property Status changed from new to assigned
    • Property Component changed from core to s3
    • Property Summary changed from S3 via an amazon assumed role to Authentication using AWS AssumeRole and GetSessionToken with AWS STS
    • Property Keywords sts added
    • Property Owner set to dkocher
    • Property Type changed from enhancement to feature
  • Ticket #8880 – Description

    initial v25  
    44
    55It does support roles from an EC2 instance, so I think it should be very easy to support from my own OSX laptop? I was thinking of just running a local proxy for 169.254.169.254 to fake the fact I am not running on EC2, but it seemed like overkill.
     6
     7I notice a few people are suggesting entry of the security token - but isn't that short-lived? Don't see how that's a stable configuration solution. When configuring AWS CLI for this, I'd have an entry for the master account, and then one entry for each assumed role, such as:
     8
     9[profile master]
     10region = us-east-1
     11output = json
     12
     13[profile security]
     14role_arn = arn:aws:iam::999999999999:role/MyAccessRole
     15source_profile = master
     16region=eu-west-1
     17output=json
     18
     19I think you need a way to collect and use this information, mainly the role_arn and reference to the source_profile.
swiss made software