Security Token Service support for AWS S3

Advertisement

Advertisement

martin
Site Admin
martin avatar

Re: Security Token Service support for AWS S3

This has been implemented. I'm sending you a development version of WinSCP for testing.

Reply with quote

Advertisement

Guest

Re: Security Token Service support for AWS S3

With Amazon SSO you get temporary keys instead of having to create an IAM user for S3 users but they only work with a session token as well.

One work around would be to have a place to put the session token and pass it or to pull from the .AWS/Credentials file based on a profile that is pre saved.

Reply with quote

Meerkat
Joined:
Posts:
2
Location:
United Kingdom

Re: Security Token Service support for AWS S3 Multiple Profiles

Hi

First off, avid user of WinSCP, thank you for a great app!

I access a number of S3 buckets and have multiple AWS profiles. Due to security changes I need to use temp credentials. In Cyberduck one can select the profile and path and it connects to the different S3 bucket using the selected profile from the AWS credentials and config.

I tried the new version WinSCP version and ticked the box to read credentials from the AWS CLI configuration but I'm not having any luck due to the multiple profiles.

When I do it manually for a specific profile and input the temp aws_access_key_id, aws_secret_access_key and aws_security_token it works.

Is it possible to add a feature to specify the use a specific profile?

Reply with quote

Advertisement

martin
Site Admin
martin avatar

Re: Security Token Service support for AWS S3 Multiple Profiles

@Meerkat: WinSCP does not have a way to select an AWS profile (yet). All you can do atm is to create e.g. a desktop shortcut that starts WinSCP with the profile set via AWS_PROFILE environment variable.

Reply with quote

Meerkat

Security Token Service support for AWS S3 Multiple Profiles

Thanks, for the feedback. Do you have a dummy example of how to set the the cli command AWS_PROFILE parameter in the desktop shortcut link?

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
42,444
Location:
Prague, Czechia

Re: Security Token Service support for AWS S3 Multiple Profiles

Create a shortcut with a target like this:
cmd /c "set AWS_PROFILE=foo & start "" "C:\Program Files (x86)\WinSCP\WinSCP.exe""
Optionally you can even add session name to WinSCP.exe command line to have it open the session automatically.

This naive approach might popup console window briefly. There are more complex methods that avoid that.

Reply with quote

Advertisement

You can post new topics in this forum