s3: Look in S3 named profile files for credentials - fixes #2243

Nick Craig-Wood 2018-04-16 12:14:35 +01:00
parent da7a77ef2e
commit 311a962011
2 changed files with 22 additions and 11 deletions

@ -640,6 +640,11 @@ func s3Connection(name string) (*s3.S3, *session.Session, error) {
// * Secret Access Key: AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY // * Secret Access Key: AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY
&credentials.EnvProvider{}, &credentials.EnvProvider{},
// A SharedCredentialsProvider retrieves credentials
// from the current user's home directory. It checks
// AWS_SHARED_CREDENTIALS_FILE and AWS_PROFILE too.
&credentials.SharedCredentialsProvider{},
// Pick up IAM role if we're in an ECS task // Pick up IAM role if we're in an ECS task
defaults.RemoteCredProvider(*def.Config, def.Handlers), defaults.RemoteCredProvider(*def.Config, def.Handlers),
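Review bot: `&credentials.SharedCredentialsProvider{}` is placed ahead of `defaults.RemoteCredProvider(...)`, so a profile found in the current user's home directory now takes precedence over an ECS task IAM role for anyone already relying on this provider chain. That changes which identity rclone authenticates as without any configuration change, so it deserves an explicit changelog entry. Since the provider is built with its zero value, the file and profile can only be selected through `AWS_SHARED_CREDENTIALS_FILE` and `AWS_PROFILE`, which apply to the whole process; if per-remote selection is wanted, populating the struct's `Filename` and `Profile` fields from the remote's config would be a reasonable follow-up.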

@ -279,20 +279,26 @@ region`.
### Authentication ### ### Authentication ###
There are two ways to supply `rclone` with a set of AWS There are a number of ways to supply `rclone` with a set of AWS
credentials. In order of precedence: credentials, with and without using the environment.
- Directly in the rclone configuration file (as configured by `rclone config`) The different authentication methods are tried in this order:
- set `access_key_id` and `secret_access_key`. `session_token` can be
optionally set when using AWS STS. - Directly in the rclone configuration file (`env_auth = false` in the config file):
- Runtime configuration: - `access_key_id` and `secret_access_key` are required.
- set `env_auth` to `true` in the config file - `session_token` can be optionally set when using AWS STS.
- Exporting the following environment variables before running `rclone` - Runtime configuration (`env_auth = true` in the config file):
- Export the following environment variables before running `rclone`:
- Access Key ID: `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY` - Access Key ID: `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`
- Secret Access Key: `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY` - Secret Access Key: `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
- Session Token: `AWS_SESSION_TOKEN` - Session Token: `AWS_SESSION_TOKEN` (optional)
- Running `rclone` in an ECS task with an IAM role (AWS only) - Or, use a [named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html):
- Running `rclone` on an EC2 instance with an IAM role (AWS only) - Profile files are standard files used by AWS CLI tools
- By default it will use the profile in your home directory (eg `~/.aws/credentials` on unix based systems) file and the "default" profile, to change set these environment variables:
- `AWS_SHARED_CREDENTIALS_FILE` to control which file.
- `AWS_PROFILE` to control which profile to use.
- Or, run `rclone` in an ECS task with an IAM role (AWS only).
- Or, run `rclone` on an EC2 instance with an IAM role (AWS only).
If none of these option actually end up providing `rclone` with AWS If none of these option actually end up providing `rclone` with AWS
credentials then S3 interaction will be non-authenticated (see below). credentials then S3 interaction will be non-authenticated (see below).
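Review bot: the new text says the methods "are tried in this order", but the sub-bullets under `env_auth = true` are joined with "Or,", which reads as a set of alternatives rather than a precedence list. Please state outright that environment variables win over the named profile, which in turn wins over the ECS and EC2 IAM roles, because a leftover credentials file will otherwise silently override the role a user expects. The named-profile bullet is also hard to parse: "By default it will use the profile in your home directory (eg `~/.aws/credentials` on unix based systems) file and the "default" profile, to change set these environment variables:" could be split into one sentence for the default file and profile and one for how to override them. While this paragraph is being touched, "If none of these option" in the trailing context should read "options".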