Re: Latest build is working
@sohail2k: Thanks for your feedback.
- martin
Post a reply
Before posting, please read how to report bug or request support effectively.
Bug reports without an attached log file are usually useless.
Topic review
- sohail2k
Latest build is working
Hi Martin – I want to thank you for the past few days helping in fixing this issue. I can confirm that the latest build is working with the ARN Role in both Windows 11 and Windows 10.
Thanks again.
Sohail
Thanks again.
Sohail
- sohail2k
Ok I tested it on another machine and it works!!!
However, this is my development machine with lots of crap installed. Not sure if I had the missing libraries/dlls already installed or something else. It's a Windows 11 machine, whereas the machine I was testing earlier is a Windows 10 work machine.
Note: I already use the latest builds of WinSCP on the Windows 10 machine without issues.
Could you please advise if there are any dependencies that needs to be installed on the machine? Seems like a late binding is throwing the error – an early binding would have failed the application to load.
However, this is my development machine with lots of crap installed. Not sure if I had the missing libraries/dlls already installed or something else. It's a Windows 11 machine, whereas the machine I was testing earlier is a Windows 10 work machine.
Note: I already use the latest builds of WinSCP on the Windows 10 machine without issues.
Could you please advise if there are any dependencies that needs to be installed on the machine? Seems like a late binding is throwing the error – an early binding would have failed the application to load.
- sohail2k
Re: AWS support for roles
Hi Martin – Thanks for the update, but getting the below error on attempting to connect to S3
I've tried both the Advanced settings as well as read from the credentials file.
Microsoft MSXML is not installed
I've tried both the Advanced settings as well as read from the credentials file.
- szasza
Re: AWS support for roles
@martin: Hi Martin,
Thank you, it is greatly appreciated. I will do some testing over the weekend and will come back to you with the results.
Thank you again.
Thank you, it is greatly appreciated. I will do some testing over the weekend and will come back to you with the results.
Thank you again.
- martin
Re: AWS support for roles
@fabiopedrosa, @szasza and @sohail2k: I'm sending you an email with a development version of WinSCP to the addresses you have used to register on this forum.
- sohail2k
Oh yes – sorry for the trouble.
- martin
Re: Clarification on roles
@sohail2k: Thanks for your donation. Your PayPal address does not match your forum account address. So they couldn't be linked automatically. I've done so manually now.
- sohail2k
Re: Clarification on roles
Hi @Martin – I just voted and donated but don't see additional 4 votes added.
- szasza
My pleasure, thank you as well for creating the corresponding issue, it is much appreciated.
- martin
Re: Clarification on roles
Thanks for the clarification.
I have added this request to the tracker:
Issue 2249 – Allow assuming IAM role in S3 sessions
You can vote for it there.
I have added this request to the tracker:
Issue 2249 – Allow assuming IAM role in S3 sessions
You can vote for it there.
- szasza
Clarification on roles
Hi Martin,
So how AWS works is that your IAM user can have multiple IAM roles, sometimes in different AWS accounts. Scenario: I have an user created in AWS account A, but I want to access a bucket in account B.
One achieves this by authenticating with AWS using the various credentials, and then assuming a role in account B. As @fabiopedrosa described, the access ID and secret key (Account A) gets read from
It is also important to note that this role is attached to the IAM user. I am not talking about the EC2 instance's instance role which was implemented in Issue 2089 – Allow S3 connection with IAM role instead of credentials.
So how AWS works is that your IAM user can have multiple IAM roles, sometimes in different AWS accounts. Scenario: I have an user created in AWS account A, but I want to access a bucket in account B.
One achieves this by authenticating with AWS using the various credentials, and then assuming a role in account B. As @fabiopedrosa described, the access ID and secret key (Account A) gets read from
.aws/credentials, but the role_arn (the role in Account B we want to assume) is stored in .aws/config (role_arn). The respective API call for assuming a role is described here: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
It is also important to note that this role is attached to the IAM user. I am not talking about the EC2 instance's instance role which was implemented in Issue 2089 – Allow S3 connection with IAM role instead of credentials.
- martin
Re: AWS support for roles
WinSCP 6.2 allows assuming role of the machine.
Issue 2089 – Allow S3 connection with IAM role instead of credentials
I guess that this is a variant of that, where you can select yet another role, right?
Are the information in
Issue 2089 – Allow S3 connection with IAM role instead of credentials
I guess that this is a variant of that, where you can select yet another role, right?
Are the information in
config used to retrieve a temporary credentials, for thar role?
- fabiopedrosa
AWS support for roles
Although WinSCP allows us to chose a profile, it doesn't allow us to assume a role.
Profiles are defined in
Profiles are defined in
~/.aws/credentials but roles are defined in ~/.aws/config such as:
[profile management]
role_arn=arn:aws:iam::110049787138:role/AwsCrossAccountAdministrator
region=us-west-2
source_profile=terraform_credentials
role_session_name=terraform-configuration