Was this ever resolved? I also have a use case now that requires all 3 (aws_access_key_id, aws_secret_access_key and aws_session_token) to be provided
On Wednesday, February 5, 2020 at 10:15:03 AM UTC-5 CHEVALIER Philippe wrote: > Hello, > > Maybe the answer is already out there, but I didn't find it. > > Is there a way to make s3ql commands use an assumed role to access the s3 > bucket? > > Basically, my s3 buckets can be accessed only with a specific IAM role, so > I either use a profile, or temporary credentials using aws sts. > > Example: > > aws sts assume-role --role-arn arn:aws:iam::123456789:role/s3admin > --role-session-name s3backup --profile default > > > > Which gives me back temporary credentials with aws key, aws secret and > aws_token. > > I tried this with awscli and it works perfectly if I update the > .aws/credentials file with aws_access_key_id, aws_secret_access_key and > aws_session_token > > All 3 are mandatory, or aws s3 commands don't work. > > I originally thought I could just create a authinfo file with these > informations so s3ql can access my bucket under a temporary identity, but > there's no parameter for the token. Without it, I get a 403 denied. > > I can't even start to make a mkfs.s3ql. > > After reading the aws doc ( > https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) > , the headers must contain x-amz-security-token > > Which s3ql doesn't support? > > Any idea? > -- You received this message because you are subscribed to the Google Groups "s3ql" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/s3ql/4d4aef59-fb9c-49e8-9dd7-e4669cf1c447n%40googlegroups.com.
