amazon-web-servicesamazon-s3pre-signed-urlcyberduck

cyberduck connecting with profile


I have two AWS accounts, Account A, Account B
On Account B there is IAM Role with trust relationship to account A and S3FullAccess policy.
On Account A I have IAM user configured with access key and secret key, this IAM user has policy with assume role to the role created on Account B.
Meaning, the user on Account A has full access to S3 resources on Account B.

When I configure the access and secret keys on my local pc on ~/.aws/credentials and configure the arn_role of the role created on account B on ~/.aws/config, I have access to all S3 resources on Account B from AWS CLI.

I am using Cyberduck to create Presigned URLs and I want to create the Presigned URLs using the configuration I specified here.
I want to have access using the cross account role on Cyberduck, as I specified.
I this feature exists? alternate options are welcome.


Solution

  • It should be possible using the S3 (Credentials from AWS Security Token Service) profile from Connecting using AssumeRole from AWS Security Token Service (STS).