Amazon S3 with IAM Role

ExpanDrive connects to Amazon S3 using temporary security credentials issued via AWS Security Token Service (STS).

For this workflow, you provide the keys to authenticate as a user who can assume a role that has access to your bucket. ExpanDrive uses STS to get temporary credentials for the role that can access the S3 bucket. If the role is configured for MFA, ExpanDrive prompts you for the one-time password and supplies the MFA information to STS. With the temporary credentials in hand, ExpanDrive provides access to the S3 bucket.

This is a more secure alternative to long-term access keys. It supports IAM roles, MFA enforcement, and short-lived credentials that automatically expire.

Connection Parameters

Connecting to S3 using temporary security credentials uses many of the same connection parameters as a conventional S3 connection. The server, custom region, nickname, and bucket behave exactly the same.

Access Key

This is the access key of the user who has permission to assume a role via STS.

Secret Key

The secret key for the user who can assume a role via STS.

STS Endpoint

The endpoint for AWS STS. Use https://sts.amazonaws.com.

IAM Role

The Amazon Resource Name (ARN) of the role to assume. This role must grant access to the target S3 bucket.