I cannot connect to aws s3 with an assumed rule (STS)

Help and Support
1

What is the problem you are having with rclone?

I cannot connect to aws s3 with an assumed rule ( sts )
I want to connect to AWS using an assumed role.
My AWS configuration ( role_arn) is correct, because when I use my boto3 python based task it works fine.

Run the command 'rclone version' and share the full output of the command.

rclone v1.58.1

  • os/version: ubuntu 20.04 (64 bit)
  • os/kernel: 4.4.0-22000-Microsoft (x86_64)
  • os/type: linux
  • os/arch: amd64
  • go/version: go1.17.9
  • go/linking: static
  • go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Amazon Web Services (AWS) S3

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone lsd awssb: --s3-shared-credentials-file /home/nils/.aws/credentials --s3-profile default

The rclone config contents with secrets removed.

/home/nils/.config/rclone/rclone.conf
[awssb]
type = s3
provider = AWS
env_auth = true
region = eu-central-1
acl = bucket-owner-full-control

/home/nils/.aws/config
[default]
region = eu-central-1
output = json
role_arn = arn:aws:iam::489322085691:role/SB-AWSS3

/home/nils/.aws/credentials
[default]
aws_access_key_id = AKIxxxx..
aws_secret_access_key = bUxxxx..

A log from the command with the -vv flag

rclone lsd awssb: --s3-shared-credentials-file /home/nils/.aws/credentials --s3-profile default -vv
2022/06/28 15:04:10 DEBUG : rclone: Version "v1.58.1" starting with parameters ["rclone" "lsd" "awssb:" "--s3-shared-credentials-file" "/home/nils/.aws/credentials" "--s3-profile" "default" "-vv"]
2022/06/28 15:04:10 DEBUG : Creating backend with remote "awssb:"
2022/06/28 15:04:10 DEBUG : Using config file from "/home/nils/.config/rclone/rclone.conf"
2022/06/28 15:04:10 DEBUG : awssb: detected overridden config - adding "{vVRQ-}" suffix to name
2022/06/28 15:04:10 DEBUG : fs cache: renaming cache item "awssb:" to be canonical "awssb{vVRQ-}:"
2022/06/28 15:04:10 ERROR : : error listing: AccessDenied: Access Denied
        status code: 403, request id: 1GGXCMD2Q4WFWPVG, host id: EuR+pafyxjdqJeRrej/reDl1iboy7HC1gnO2hIheIH3VFon0+gOW0aZGml5gtlA6rz0ceiKwItk=
2022/06/28 15:04:10 DEBUG : 4 go routines active
2022/06/28 15:04:10 Failed to lsd with 2 errors: last error was: AccessDenied: Access Denied
        status code: 403, request id: 1GGXCMD2Q4WFWPVG, host id: EuR+pafyxjdqJeRrej/reDl1iboy7HC1gnO2hIheIH3VFon0+gOW0aZGml5gtlA6rz0ceiKwItk=
2

hi,
maybe there is something in this that might be helpful
https://github.com/rclone/rclone/issues/5468

3

Hi, thanks a lot.
This works: rclone lsd awssb: --s3-profile default
This does not work: rclone lsd awssb: --s3-shared-credentials-file /home/nils/.aws/credentials --s3-profile default
I have no idea why the Parameter --s3-shared-credentials-file is not working. My credentials file is in /home/nils/.aws

4

things to try

--- quote the path
--s3-shared-credentials-file="/home/nils/.aws/credentials"

--- try --s3-shared-credentials-file without a path.

--- get more info using --dump=headers

5

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.