From 2f0551074c17fa6dd95dd3e4d8a8ff54fe4ed81e Mon Sep 17 00:00:00 2001 From: Girish Ramakrishnan Date: Mon, 11 Sep 2017 14:49:59 -0700 Subject: [PATCH] s3: set session token when using STS --- docs/content/s3.md | 6 ++++-- s3/s3.go | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/content/s3.md b/docs/content/s3.md index e407b729d..f0ce46ef5 100644 --- a/docs/content/s3.md +++ b/docs/content/s3.md @@ -240,12 +240,14 @@ There are two ways to supply `rclone` with a set of AWS credentials. In order of precedence: - Directly in the rclone configuration file (as configured by `rclone config`) - - set `access_key_id` and `secret_access_key` + - set `access_key_id` and `secret_access_key`. `session_token` can be + optionally set when using AWS STS. - Runtime configuration: - set `env_auth` to `true` in the config file - Exporting the following environment variables before running `rclone` - Access Key ID: `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY` - Secret Access Key: `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY` + - Session Token: `AWS_SESSION_TOKEN` - Running `rclone` on an EC2 instance with an IAM role If none of these option actually end up providing `rclone` with AWS @@ -478,4 +480,4 @@ So once set up, for example to copy files into a bucket ``` rclone copy /path/to/files minio:bucket -``` \ No newline at end of file +``` diff --git a/s3/s3.go b/s3/s3.go index 3fea79f6f..98f059183 100644 --- a/s3/s3.go +++ b/s3/s3.go @@ -313,6 +313,7 @@ func s3Connection(name string) (*s3.S3, *session.Session, error) { v := credentials.Value{ AccessKeyID: fs.ConfigFileGet(name, "access_key_id"), SecretAccessKey: fs.ConfigFileGet(name, "secret_access_key"), + SessionToken: fs.ConfigFileGet(name, "session_token"), } // first provider to supply a credential set "wins"