Amazon S3 with IAM Role
ExpanDrive supports connecting to Amazon S3 using temporary security credentials issued via AWS Security Token Service (STS).
For this workflow, you provide the keys to authenticate as a user who can assume a role that has access to your bucket. ExpanDrive uses STS to get temporary credentials for the role that can access the S3 bucket. If the role is configured for MFA, ExpanDrive prompts you for the one time password and supplies the MFA information to STS. With the temporary credentials in hand, ExpanDrive provides access to the S3 bucket
This is a more secure alternative to using long-term access keys, enabling the use of IAM roles, MFA enforcement, and short-lived credentials that automatically expire.
This is ideal for teams following security best practices or those integrating with third-party identity providers or automation frameworks.
Connection Parameters
Connecting to S3 using temporary security credentials many of the same connection parameters as a conventional S3 connection. The server, custom region, nickname and bucket behave exactly the same.
Access Key
This is the access key of the user who has permission to assume a role via STS.
Secret Key
The secret key for the user who can assume a role via STS.
STS Endpoint
The endpoint for AWS STS. Use https://sts.amazonaws.com.
IAM Role
The Amazon Resource Name (ARN) of the role to assume. This role must grant access to the target S3 bucket.
Last updated
Was this helpful?