Skip to content

Unable to authenticate with S3 (Credentials from AWS Command Line Interface) profile #15222

New issue
New issue
Closed
#15313
#15236
Closed
Unable to authenticate with S3 (Credentials from AWS Command Line Interface) profile#15222
#15313
#15236
Assignees
dkocher
Labels
s3AWS S3 Protocol Implementation
Milestone
8.7.1
@oohnoitz

Description

@oohnoitz
oohnoitz
opened on Oct 19, 2023

Describe the bug
When using version 8.7.0 with Credentials from AWS CLI profile, the following message is shown: "The AWS Access Key Id you provided does not exist in our records."

Downgrading back to 8.6.3 works correctly and picks up the credentials correctly.

To Reproduce
Steps to reproduce the behavior:

  1. Set up AWS SSO with either the legacy or new format
  2. Connect with the Credentials from AWS CLI profile
  3. See the error mentioned above

Expected behavior
Able to connect with SSO/credentials from CLI.

Desktop (please complete the following information):

  • OS: macOS 14.0

Log Files

8.7.0 connection log:

2023-10-19 08:06:31,259 [Thread-32] DEBUG ch.cyberduck.core.Session - Connection did open to Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', password='', tokens='STSTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}
2023-10-19 08:06:31,259 [Thread-32] DEBUG ch.cyberduck.core.KeychainLoginService - Attempt authentication for Session{host=Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', password='', tokens='STSTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}, state=open}
2023-10-19 08:06:31,262 [Thread-32] DEBUG ch.cyberduck.core.s3.S3Session - Connect with basic credentials to Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', password='', tokens='STSTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}
2023-10-19 08:06:31,267 [Thread-32] DEBUG ch.cyberduck.core.shared.DefaultPathHomeFeature - No default path set for bookmark Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', password='', tokens='STSTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}

8.6.3 connection log:

2023-10-19 08:07:54,934 [Thread-33] DEBUG ch.cyberduck.core.Session - Connection did open to Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', oauth='OAuthTokens{accessToken='', refreshToken='', expiryInMilliseconds=9223372036854775807}', token='', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null',
workdir=null, custom={s3.location=us-east-1}, labels=[]}
2023-10-19 08:07:54,935 [Thread-33] DEBUG ch.cyberduck.core.KeychainLoginService - Attempt authentication for Session{host=Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', oauth='OAuthTokens{accessToken='', refreshToken='', expiryInMilliseconds=9223372036854775807}', token='', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}, state=open}
2023-10-19 08:07:54,935 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Load profiles from Local{path='/Users/xxxx/.aws/config'} and Local{path='/Users/xxxx/.aws/credentials'}
2023-10-19 08:07:54,935 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Reading AWS file Local{path='/Users/xxxx/.aws/config'}
2023-10-19 08:07:54,937 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Found matching profile SSO_TEST for profile name SSO_TEST
2023-10-19 08:07:54,937 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Configure credentials from basic profile SSO_TEST
2023-10-19 08:07:54,960 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Attempting to read SSO credentials from /Users/xxxx/.aws/cli/cache/bf923355127d698e30fed927d41b3514b9a9d93e.json
2023-10-19 08:07:54,966 [Thread-33] WARN  ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Expired AWS SSO credentials.
2023-10-19 08:07:54,968 [Thread-33] DEBUG ch.cyberduck.core.shared.DefaultPathHomeFeature - No default path set for bookmark Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', oauth='OAuthTokens{accessToken='', refreshToken='', expiryInMilliseconds=9223372036854775807}', token='', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}

The biggest difference when looking at logs generated from both versions is that 8.6.3 mentioned the local credentials.

Metadata

Metadata

Assignees

Labels

s3AWS S3 Protocol Implementation

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions