AWS support for roles


fabiopedrosa

AWS support for roles

Although WinSCP allows us to choose a profile, it doesn't allow us to assume a role.

Profiles are defined in ~/.aws/credentials but roles are defined in ~/.aws/config such as:
[profile management]
role_arn=arn:aws:iam::110049787138:role/AwsCrossAccountAdministrator
region=us-west-2
source_profile=terraform_credentials
role_session_name=terraform-configuration


szasza

Clarification on roles

Hi Martin,

So how AWS works is that your IAM user can have multiple IAM roles, sometimes in different AWS accounts. Scenario: I have a user created in AWS account A, but I want to access a bucket in account B.

One achieves this by authenticating with AWS using the various credentials, and then assuming a role in account B. As @fabiopedrosa described, the access ID and secret key (Account A) get read from .aws/credentials, but the role_arn (the role in Account B we want to assume) is stored in .aws/config (role_arn). The respective API call for assuming a role is described here: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

It is also important to note that this role is attached to the IAM user. I am not talking about the EC2 instance's instance role which was implemented in Issue 2089 – Allow S3 connection with IAM role instead of credentials.

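Added example (not part of the original posts and not WinSCP's code): a Python sketch of how a profile such as `management` resolves to static keys in `.aws/credentials` plus the AssumeRole parameters from `.aws/config`, as the two posts above describe. The function name, the fallback session name and the credential values are constructed; it assumes roles are chained with `source_profile` only and that static keys live in the credentials file.

```python
import configparser

# Constructed sample files. [profile management] mirrors the section quoted
# in the thread; the key values below are placeholders, not real credentials.
SAMPLE_CONFIG = """\
[profile management]
role_arn=arn:aws:iam::110049787138:role/AwsCrossAccountAdministrator
region=us-west-2
source_profile=terraform_credentials
role_session_name=terraform-configuration
"""
SAMPLE_CREDENTIALS = """\
[terraform_credentials]
aws_access_key_id=AKIAEXAMPLEPLACEHOLDER
aws_secret_access_key=placeholder-secret-not-a-real-key
"""

def _parse(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser

def resolve_profile(name, config_text, credentials_text):
    """Walk source_profile links and return the AssumeRole calls in call order."""
    config, creds = _parse(config_text), _parse(credentials_text)
    calls, seen = [], set()
    while True:
        if name in seen:
            raise ValueError(f"source_profile loop at {name!r}")
        seen.add(name)
        # ~/.aws/config prefixes named profiles with "profile "; credentials does not.
        section = "default" if name == "default" else f"profile {name}"
        cfg = config[section] if config.has_section(section) else {}
        if "role_arn" not in cfg:
            break  # reached the profile that must supply static keys
        if "source_profile" not in cfg:
            raise ValueError(f"profile {name!r} has role_arn but no source_profile")
        calls.append({
            "RoleArn": cfg["role_arn"],
            # Fallback session name is a constructed placeholder.
            "RoleSessionName": cfg.get("role_session_name", "example-session"),
        })
        name = cfg["source_profile"]
    if not creds.has_section(name) or "aws_access_key_id" not in creds[name]:
        raise ValueError(f"no static keys for {name!r} in credentials file")
    calls.reverse()  # the role nearest the static keys is assumed first
    # The secret key is deliberately not returned, so a plan can be logged.
    return {"source_profile": name,
            "access_key_id": creds[name]["aws_access_key_id"],
            "assume_role_calls": calls}

if __name__ == "__main__":
    print(resolve_profile("management", SAMPLE_CONFIG, SAMPLE_CREDENTIALS))
```
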


martin
Site Admin

Re: Clarification on roles

@sohail2k: Thanks for your donation. Your PayPal address does not match your forum account address. So they couldn't be linked automatically. I've done so manually now.


szasza

Re: AWS support for roles

@martin: Hi Martin,

Thank you, it is greatly appreciated. I will do some testing over the weekend and will come back to you with the results.

Thank you again.


sohail2k
Donor
Location:
England

Re: AWS support for roles

Hi Martin – Thanks for the update, but getting the below error on attempting to connect to S3
Microsoft MSXML is not installed
I've tried both the Advanced settings as well as read from the credentials file.


sohail2k
Donor
Location:
England

Ok I tested it on another machine and it works!!!

However, this is my development machine with lots of crap installed. Not sure if I had the missing libraries/dlls already installed or something else. It's a Windows 11 machine, whereas the machine I was testing earlier is a Windows 10 work machine.

Note: I already use the latest builds of WinSCP on the Windows 10 machine without issues.

Could you please advise if there are any dependencies that need to be installed on the machine? Seems like a late binding is throwing the error – an early binding would have failed the application to load.


sohail2k
Donor
Location:
England

Latest build is working

Hi Martin – I want to thank you for the past few days helping in fixing this issue. I can confirm that the latest build is working with the ARN Role in both Windows 11 and Windows 10.

Thanks again.
Sohail
