MoriTanosuke / glacieruploader

A simple java command line application for Amazon Glacier
https://www.kopis.de/blog/2012/08/22/simple-uploader-for-amazon-glacier-archiving/
GNU General Public License v3.0

Add support for session tokens (MFA users) #54

Open phealy3330 opened 7 years ago

phealy3330 commented 7 years ago

My AWS account has Multi-Factor Authentication activated. It would be nice to add support in your credentials file for the session token and the ephemeral accesskey and secretkey required for MFA-enabled API access.

With the AWS SDK CLI it works like this:

aws sts get-session-token --serial-number "arn:aws:iam::[ACCOUNT_NUMBER]:mfa/[IAM_USERNAME]" --token-code [CODE_FROM_MFA_DEVICE]

I put in my code from Google Authenticator tied to my AWS account and it spits out some JSON:

{
    "Credentials": {
        "SecretAccessKey": "[Secret Key]", 
        "SessionToken": "[Session Token]", 
        "Expiration": "2017-02-25T09:15:03Z", 
        "AccessKeyId": "[Access key ID]"
    }
}

Then I put these keys in my credential file.

Otherwise, to use your glacieruploader program, I have to add another IAM user without MFA enabled to use a static accesskey and secretkey.

MoriTanosuke commented 6 years ago

I don't use MFA myself, but if I get the documentation right this should be solved by commit 66a9e96130a5c2640022300b0ad21b24845deabe where I switched to DefaultAWSCredentialsProviderChain:

From the docs:

AWS credentials provider chain that looks for credentials in this order:

  • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
  • Java System Properties - aws.accessKeyId and aws.secretKey
  • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
  • Credentials delivered through the Amazon EC2 container service if the "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable
  • Instance profile credentials delivered through the Amazon EC2 metadata service

If anyone is using MFA with Amazon AWS, please give it a try and comment on this issue.

phealy3330 commented 6 years ago

This seems to work if you add the access key, secret key and session token to the credentials file under the [default] section. It seems to stay stuck in an INFO loop though:

java -jar glacieruploader-impl-0.1.1-SNAPSHOT-jar-with-dependencies.jar --upload test.file 
INFO  Using region: us-east-1
INFO  Starting to upload test.file to vault [Redacted]...
INFO  Uploaded archive [Redacted]
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred
INFO  8/8 transferred

I broke out with Ctrl+C. I am waiting for my inventory job to finish so I can verify that the file was successfully uploaded to Glacier.
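
The manual step described in this thread (copying the `get-session-token` output into the `[default]` profile of the credentials file) can be scripted. The following is an added example, not code from the thread or from glacieruploader; the function name `write_session_profile` and the sample values are assumptions constructed for illustration. It refuses credentials that have already expired and writes the file with owner-only permissions.

```python
import configparser
import json
import os
import sys
from datetime import datetime, timezone

# Constructed sample in the shape of the get-session-token output quoted in the thread.
SAMPLE_STS_JSON = """{"Credentials": {
    "SecretAccessKey": "constructed-secret-key",
    "SessionToken": "constructed-session-token",
    "Expiration": "2017-02-25T09:15:03Z",
    "AccessKeyId": "ASIACONSTRUCTEDKEYID"}}"""


def write_session_profile(sts_json, credentials_path, profile="default", now=None):
    """Store temporary STS credentials in a credentials-file profile; return the expiry."""
    creds = json.loads(sts_json)["Credentials"]
    # Accept both the "...Z" and "...+00:00" timestamp spellings.
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    now = now or datetime.now(timezone.utc)
    if expires <= now:
        raise ValueError("session credentials expired at " + expires.isoformat())

    # RawConfigParser keeps the other profiles (but not comments) and does no
    # "%" interpolation, so tokens containing "%" are stored unchanged.
    cfg = configparser.RawConfigParser()
    cfg.read(credentials_path)
    if not cfg.has_section(profile):
        cfg.add_section(profile)
    cfg.set(profile, "aws_access_key_id", creds["AccessKeyId"])
    cfg.set(profile, "aws_secret_access_key", creds["SecretAccessKey"])
    cfg.set(profile, "aws_session_token", creds["SessionToken"])

    # Write a 0600 temp file and rename it over the target, so the secrets
    # are never group- or world-readable, even briefly.
    tmp_path = credentials_path + ".tmp"
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        os.chmod(tmp_path, 0o600)  # in case a stale temp file had looser permissions
        cfg.write(handle)
    os.replace(tmp_path, credentials_path)
    return expires


if __name__ == "__main__":
    # Assumed usage: aws sts get-session-token ... | python3 this_script.py
    target = os.path.expanduser("~/.aws/credentials")
    print("valid until", write_session_profile(sys.stdin.read(), target))
```

Because the session token expires at the time given in `Expiration`, the profile has to be refreshed with a new MFA code before long-running uploads outlive it.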