Comments (4)
When dealing with multiple accounts, sometimes there is no default.
There are really 2 things needed to be complete:
- specify a non
default
profile (from ~/.aws/credentials) - specify as role ARN to assume. The SDK doesn't read ~/.aws/config like the aws CLI does, you need to call STS to assume roles.
So in my case, I have keys for an account, but need to assume a role in another account to perform the operation. For instance my config might look like this:
% cat ~/.aws/config
[production]
region = us-east-1
[profile admin]
role_arn = arn:aws:iam::XXXXXXXX:role/Admin
source_profile = production
region = us-east-1
My S3 operation on the CLI might look like this:
aws --profile admin s3 sync XXXXX
Under the hood, the CLI uses the production
credentials in ~/.aws/credentials
and then assumes the role via STS.
If you can support both these case, you'll be perfect. The SDK does the first one automatically for you if you use the default credentials provider chain. The STS role assumption stuff you'll need to add more code for.
from deb-s3.
Nobody parses the config file except the aws cli that I have found. I did something similar for unicreds here.
Your patch looks more or less correct. The role arn is just an updated config you use in the client setup. The force_path_style
seems to be s3 specific and not related to the credentials setup. I'd pull that block out of the if/else to update the config if role arn is specified.
from deb-s3.
I'll look into this... prefer to be able to have it automatically pick one up.
from deb-s3.
Here is an example diff that lets me set role-arn via the CLI. It would be more ideal to respect the aws config files properly, but this is a quick workaround. I haven't yet figured out where to put the force_path_style option for the STS connection.
from deb-s3.
Related Issues (20)
- 0.9.1 removed the --use-ssl flag
- does not match the server certificate
- How to use gpg2? HOT 1
- gpg: cannot open tty `/dev/tty' HOT 1
- Signing package HOT 1
- weak digest algorithm HOT 1
- --fail-if-exists has no effect HOT 5
- InRelease should be generated by default HOT 4
- Prune orphaned packages from s3
- Method missing `public_url` in #<Seahorse::Client::Response> with --fail-if-exists HOT 1
- error in deb-s3 show: wrong number of arguments
- error in deb-s3 verify HOT 2
- S3-backed configuration configuration file?
- Re-genning `deb-s3` binary
- The authorization header is malformed; the Credential is mal-formed; expecting "<YOUR-AKID>/YYYYMMDD/REGION/SERVICE/aws4_request". HOT 2
- Can't upload packages built with Ubuntu Bionic HOT 3
- create signed repo
- Security: deb-s3 incorporates existing release/manifests without verifying signatures HOT 2
- Maintainers: This is not the repo you're looking for! HOT 3
- Add link to the active fork & transfer gem ownership? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from deb-s3.