Amazon S3 with IAM Role

ExpanDrive supports connecting to Amazon S3 using temporary security credentials issued via AWS Security Token Service (STS).

For this workflow, you provide the keys to authenticate as a user who can assume a role that has access to your bucket. ExpanDrive uses STS to get temporary credentials for the role that can access the S3 bucket. If the role is configured for MFA, ExpanDrive prompts you for the one time password and supplies the MFA information to STS. With the temporary credentials in hand, ExpanDrive provides access to the S3 bucket

This is a more secure alternative to using long-term access keys, enabling the use of IAM roles, MFA enforcement, and short-lived credentials that automatically expire.

This is ideal for teams following security best practices or those integrating with third-party identity providers or automation frameworks.

Connection Parameters

Connecting to S3 using temporary security credentials many of the same connection parameters as a conventional S3 connection. The server, custom region, nickname and bucket behave exactly the same.

Access Key

This is the access key of the user who has permission to assume a role via STS.

Secret Key

The secret key for the user who can assume a role via STS.

STS Endpoint

The endpoint for AWS STS. Use https://sts.amazonaws.com.

IAM Role

The Amazon Resource Name (ARN) of the role to assume. This role must grant access to the target S3 bucket.