Cyberduck Mountain Duck CLI

Changes between Version 242 and Version 243 of help/en/howto/s3


Ignore:
Timestamp:
Jul 20, 2018 7:39:35 AM (2 years ago)
Author:
dkocher
Comment:

STS

Legend:

Unmodified
Added
Removed
Modified
  • help/en/howto/s3

    v242 v243  
    5656that will fetch temporary credentials from EC2 instance metadata service at `http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access` to authenticate. Edit the profile to change the role name `s3access` to match your IAM configuration.
    5757
    58 === Read credentials from ~/.aws/credentials ===
    59 When editing a bookmark, the ''Access Key ID'' is set from the `default` profile in the credentials file located at `~/.aws/credentials`.
     58=== Connecting using AssumeRole from AWS Security Token Service (STS) ===
     59'''Version 6.7.0 or later required'''
     60Instead of providing Access Key ID and Secret Access Key, authenticate using temporary credentials from AWS Security Token Service (STS) with optional Multi-Factor Authentication (MFA). Refer to [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html Using IAM Roles].
     61
     62==== Read credentials from ~/.aws/credentials ====
     63When editing a bookmark, the ''Access Key ID'' is set from the `default` profile in the credentials file located at `~/.aws/credentials`. You must provide configuration in the standard credentials property file `~/.aws/credentials` from [https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html AWS Command Line Interface]. Configure a bookmark with the `Username` matching the profile name from `~/.aws/credentials`.
     64
     65==== Example configuration ====
     66Refer to [https://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html Assuming a Role].
     67{{{
     68   [testuser]
     69   aws_access_key_id=<access key for testuser>
     70   aws_secret_access_key=<secret key for testuser>
     71   [testrole]
     72   role_arn=arn:aws:iam::123456789012:role/testrole
     73   source_profile=testuser
     74   mfa_serial=arn:aws:iam::123456789012:mfa/testuser
     75}}}
    6076
    6177== Third-Party S3 providers ==
swiss made software