Handle AWS_SESSION_TOKEN environment variable #557
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
if awscli can get the session token, why can't s3cmd? Why call aws sts get-session-token, store it in the environment, then invoke s3cmd? At that point, might as well just use awscli for everything... |
|
I'm not saying s3cmd couldn't get session tokens itself. I would prefer not to re-invent the wheel. As for using awscli for everything, s3cmd has better performance and I think the 'sync' command has somewhat different semantics, making it not quite a drop-in replacement for s3cmd in existing scripts. |
added 3 commits
June 11, 2015 14:46
This allows s3cmd to be used with temporary credentials as provided by aws-cli's `aws sts get-session-token` command, which is useful if your API key is required by a policy to use MFA. Add option to fetch temporary credentials from EC2's metadata service even if the config file or environment variables have them. This can be convenient if you'd rather not remove environment variables from your environment but you do want to use an IAM role. Rename access_token to session_token. This is the canonical name for the temporary token, see [0]. [0] http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs
If access_key and secret_key command line args were passed, and there was no config file or environment variables set, the Config.used_role_config option got set which caused us to try to re-fetch temporary credentials on every request.
philsnow
force-pushed
the
philsnow/sts-use-session-token
branch
from
23f3759
to
aa422b6
Compare
|
I'd much rather merge a patch that gets the session token directly. |
|
fair. closing this. if anybody else wants this as-is, it's in my fork. thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allows s3cmd to be used with temporary credentials as provided by aws-cli's
aws sts get-session-tokencommand, which is useful if your API key is required by a policy to use MFA.