mirror of
https://github.com/rclone/rclone.git
synced 2024-12-23 07:29:35 +01:00
s3: Look in S3 named profile files for credentials - fixes #2243
This commit is contained in:
parent
da7a77ef2e
commit
311a962011
@ -640,6 +640,11 @@ func s3Connection(name string) (*s3.S3, *session.Session, error) {
|
||||
// * Secret Access Key: AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY
|
||||
&credentials.EnvProvider{},
|
||||
|
||||
// A SharedCredentialsProvider retrieves credentials
|
||||
// from the current user's home directory. It checks
|
||||
// AWS_SHARED_CREDENTIALS_FILE and AWS_PROFILE too.
|
||||
&credentials.SharedCredentialsProvider{},
|
||||
|
||||
// Pick up IAM role if we're in an ECS task
|
||||
defaults.RemoteCredProvider(*def.Config, def.Handlers),
|
||||
|
||||
|
@ -279,20 +279,26 @@ region`.
|
||||
|
||||
### Authentication ###
|
||||
|
||||
There are two ways to supply `rclone` with a set of AWS
|
||||
credentials. In order of precedence:
|
||||
There are a number of ways to supply `rclone` with a set of AWS
|
||||
credentials, with and without using the environment.
|
||||
|
||||
- Directly in the rclone configuration file (as configured by `rclone config`)
|
||||
- set `access_key_id` and `secret_access_key`. `session_token` can be
|
||||
optionally set when using AWS STS.
|
||||
- Runtime configuration:
|
||||
- set `env_auth` to `true` in the config file
|
||||
- Exporting the following environment variables before running `rclone`
|
||||
The different authentication methods are tried in this order:
|
||||
|
||||
- Directly in the rclone configuration file (`env_auth = false` in the config file):
|
||||
- `access_key_id` and `secret_access_key` are required.
|
||||
- `session_token` can be optionally set when using AWS STS.
|
||||
- Runtime configuration (`env_auth = true` in the config file):
|
||||
- Export the following environment variables before running `rclone`:
|
||||
- Access Key ID: `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`
|
||||
- Secret Access Key: `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
|
||||
- Session Token: `AWS_SESSION_TOKEN`
|
||||
- Running `rclone` in an ECS task with an IAM role (AWS only)
|
||||
- Running `rclone` on an EC2 instance with an IAM role (AWS only)
|
||||
- Session Token: `AWS_SESSION_TOKEN` (optional)
|
||||
- Or, use a [named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html):
|
||||
- Profile files are standard files used by AWS CLI tools
|
||||
- By default it will use the profile in your home directory (eg `~/.aws/credentials` on unix based systems) file and the "default" profile, to change set these environment variables:
|
||||
- `AWS_SHARED_CREDENTIALS_FILE` to control which file.
|
||||
- `AWS_PROFILE` to control which profile to use.
|
||||
- Or, run `rclone` in an ECS task with an IAM role (AWS only).
|
||||
- Or, run `rclone` on an EC2 instance with an IAM role (AWS only).
|
||||
|
||||
If none of these option actually end up providing `rclone` with AWS
|
||||
credentials then S3 interaction will be non-authenticated (see below).
|
||||
|
Loading…
Reference in New Issue
Block a user