What is the problem you are having with rclone?
A recent s3 copy to an on-prem server was over 10 million files. Auditing the Cloudtrail metrics appeared to report a call to AssumeRole for each file that was transferred.
The Go v2 AWS SDK has a migration note that states that assigning a custom credentials provider requires wrapping it with aws.CredentialsCache. It doesn’t appear that rclone does this for the role based provider that is assigned here. That being said I’m not fluent in Go so I may be missing it being done elsewhere.
I checked for other posts in the forums and issues on the repo but didn’t find one except for this one in 2020 (unable to link to due to new user restriction), but the role based credential provider wasn’t added until November 2025 (unable to link to PR due to new user restriction) so that didn’t seem pertinent.
Run the command 'rclone version' and share the full output of the command.
rclone v1.73.5
- os/version: alpine 3.23.4 (64 bit)
- os/kernel: 6.8.0-100-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.26.2
- go/linking: static
- go/tags: none
(As a side note I’m using the docker image on docker hub on the off chance it matters)
Which cloud storage system are you using? (eg Google Drive)
AWS S3
The command you were trying to run (eg rclone copy /tmp remote:tmp)
rclone copy aws_s3:bucketName /path/to/my/local/dir -P --files-from /path/to/from/files/list.txt --combined /path/to/combined/file.txt --no-traverse --checkers 100 --transfers 750 --bwlimit 400M --use-mmap
The rclone config contents with secrets removed.
[aws_s3]
type = s3
provider = AWS
env_auth = true
region = us-west-2
acl = private
role_arn = role_arn_here
role_session_name = role_session_name_here
role_session_duration = 15m
A log from the command with the -vv flag
Unable to retrieve, log was deleted after the job completed
