From 79f0b01a26582df355fd244bfdb07aa661aa99f8 Mon Sep 17 00:00:00 2001 From: David Kocher Date: Mon, 29 Jun 2026 10:02:29 +0200 Subject: [PATCH 1/2] Add section "Connecting with AWS IAM Identity Center" --- protocols/s3/index.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/protocols/s3/index.md b/protocols/s3/index.md index 2e0a8670..b5566757 100644 --- a/protocols/s3/index.md +++ b/protocols/s3/index.md @@ -153,6 +153,16 @@ Internet or a misconfigured network. It can also be caused by an unresponsive DN to the network._ ::: +### Connecting with AWS IAM Identity Center + +:::{important} + +- Cyberduck [9.5.0](https://cyberduck.io/changelog/) or later required +- Mountain Duck [5.3.0](https://mountainduck.io/changelog/) or later required +::: + +Refer to [Connect to S3 authenticating with AWS IAM Identity Center](../../tutorials/s3_identitycenter.md) + ### Connecting with OpenID Connect (OIDC) Identity Provider :::{important} From d2f76956fd6ad67cc461be40914d85874870310c Mon Sep 17 00:00:00 2001 From: David Kocher Date: Mon, 29 Jun 2026 10:04:05 +0200 Subject: [PATCH 2/2] Cache is no longer used. --- protocols/s3/index.md | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/protocols/s3/index.md b/protocols/s3/index.md index b5566757..700eb93d 100644 --- a/protocols/s3/index.md +++ b/protocols/s3/index.md @@ -169,7 +169,7 @@ Refer to [Connect to S3 authenticating with AWS IAM Identity Center](../../tutor - Cyberduck [8.7.0](https://cyberduck.io/changelog/) or later required - Mountain Duck [4.15.0](https://mountainduck.io/changelog/) or later required - ::: +::: Connecting to AWS S3 with web identity federation using AWS Security Token Service (STS) is supported with connection profiles specifying configuration properties specific to your identity provider (IdP). 
@@ -255,21 +255,7 @@ Follow the [step-by-step instructions](../../tutorials/s3_iam_role_mfa.md) to re For a SSO connection authenticating with AWS IAM Identity Center (Successor to AWS Single Sign-On), the properties `sso_start_url`, `sso_account_id`, and `sso_role_name` are required within the standard credentials property file -`~/.aws/credentials` (macOS) or `%USERPROFILE%\.aws\credentials` (Windows). The access key, secret key, and session -token cached by AWS CLI are retrieved from `~/.aws/cli/cache` on macOS or `%USERPROFILE%\.aws\cli\cache` on Windows. - -To populate the correct cache locations follow these steps: - -1. Run the command `aws sso login` to populate `~/.aws/sso/cache` on macOS or respectively - `%USERPROFILE%\.aws\sso\cache` on Windows. This adds client secrets but doesn't add any usable AWS credentials. -2. Seed the second cache in `~/.aws/cli/cache` on macOS or respectively `%USERPROFILE%\.aws\cli\cache` on Windows by - running the command `aws sts get-caller-identity`. This adds the usable credentials to the location Cyberduck and - Mountain Duck reads from. - -:::{note} -You can also do this for a specific profile by adding `--profile myProfile` to the commands. Make sure to use the same -profile for both steps. -::: +`~/.aws/credentials` (macOS) or `%USERPROFILE%\.aws\credentials` (Windows). - [Configuring the AWS CLI to use AWS Single Sign-On](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html)
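Review bot: In the `@@ -153,6 +153,16 @@` hunk of [PATCH 1/2], the added `Refer to [Connect to S3 authenticating with AWS IAM Identity Center](../../tutorials/s3_identitycenter.md)` line points at a tutorial that this series does not add; the diffstat for both patches lists only `protocols/s3/index.md`. Please confirm `tutorials/s3_identitycenter.md` already exists in the tree or include it in the series, otherwise the new section consists of a version box and a dead link. The sentence is also missing its closing period, and the `:::{important}` block has an empty line before the list that is worth checking against the formatting of the neighbouring OIDC block.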
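Review bot: The `@@ -169,7 +169,7 @@` hunk of [PATCH 2/2] only changes the indentation of the closing `:::` in the OIDC section, which is unrelated to the commit subject "Cache is no longer used." Suggest either mentioning the directive fix in the commit message or moving it into its own commit so the history for the OIDC section stays readable.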
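Review bot: In the `@@ -255,21 +255,7 @@` hunk of [PATCH 2/2], the remaining paragraph now says only that `sso_start_url`, `sso_account_id`, and `sso_role_name` are required in the credentials file, with nothing left on how the access key, secret key and session token are obtained or whether `aws sso login` is still a prerequisite. The section added in [PATCH 1/2] requires Cyberduck 9.5.0 or Mountain Duck 5.3.0, so if earlier versions still read `~/.aws/cli/cache`, their users lose the only description of the two seeding steps; suggest keeping those steps under a note scoped to older versions, or stating here from which version the cache is no longer read and linking to the new Identity Center section. The commit message would also be clearer if it named the cache, since the removed text mentions both `~/.aws/sso/cache` and `~/.aws/cli/cache`.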