Opened 8 years ago
Closed 8 years ago
#6243 closed defect (fixed)
vsis3 using temporary credentials
| Reported by: | perrygeo | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | default | Version: | svn-trunk |
| Severity: | normal | Keywords: | s3 vsis3 |
| Cc: |
Description
The preferred method of managing credentials on AWS involves temporary sessions as described here: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
This doesn't appear to be supported by vsis. As demonstrated below, I have set all the necessary env vars to allow access via other s3 interfaces such as boto and the official CLI.
$ aws s3 ls s3://bucket/tmp/perrygeo/test.tif 2015-11-02 14:05:27 154058 test.tif $ echo $AWS_ $AWS_ACCESS_KEY_ID $AWS_MFA_SERIAL $AWS_SECRET_ACCESS_KEY $AWS_SESSION_TOKEN
But GDAL's vsis3 driver does not work in this case.
$ gdalinfo /vsis3/bucket/tmp/perrygeo/test.tif ERROR 1: The AWS Access Key Id you provided does not exist in our records. ERROR 1: The AWS Access Key Id you provided does not exist in our records. gdalinfo failed - unable to open '/vsis3/bucket/tmp/perrygeo/test.tif'.
I suspect it might have something to do with the AWS_SESSION_TOKEN env variable not getting passed?
Note:
See TracTickets
for help on using tickets.
trunk r32955 "/vsis3/: support AWS_SESSION_TOKEN env. variable for temporary security credentials (#6243)"