Cyberduck

Timestamp:

Jul 20, 2018 7:39:35 AM (3 years ago)

Author:

dkocher

Comment:

STS

help/en/howto/s3

@@ -56 +56 @@
 that will fetch temporary credentials from EC2 instance metadata service at `http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access` to authenticate. Edit the profile to change the role name `s3access` to match your IAM configuration.
 
-=== Read credentials from ~/.aws/credentials ===
-When editing a bookmark, the ''Access Key ID'' is set from the `default` profile in the credentials file located at `~/.aws/credentials`.
+=== Connecting using AssumeRole from AWS Security Token Service (STS) ===
+'''Version 6.7.0 or later required'''
+Instead of providing Access Key ID and Secret Access Key, authenticate using temporary credentials from AWS Security Token Service (STS) with optional Multi-Factor Authentication (MFA). Refer to [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html Using IAM Roles].
+
+==== Read credentials from ~/.aws/credentials ====
+When editing a bookmark, the ''Access Key ID'' is set from the `default` profile in the credentials file located at `~/.aws/credentials`. You must provide configuration in the standard credentials property file `~/.aws/credentials` from [https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html AWS Command Line Interface]. Configure a bookmark with the `Username` matching the profile name from `~/.aws/credentials`.
+
+==== Example configuration ====
+Refer to [https://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html Assuming a Role]. 
+{{{
+   [testuser]
+   aws_access_key_id=<access key for testuser>
+   aws_secret_access_key=<secret key for testuser>
+   [testrole]
+   role_arn=arn:aws:iam::123456789012:role/testrole
+   source_profile=testuser
+   mfa_serial=arn:aws:iam::123456789012:mfa/testuser
+}}}
 
 == Third-Party S3 providers ==