CloudBerry Explorer enables users to authenticate to Amazon S3 using regular credentials. Taking things further, we've implemented support for IAM roles in the latest iteration of CloudBerry Explorer — release 5.0.5. In this article, we talk about how this mechanism functions and how to assume a role in Explorer.
Introduction
Amazon has an extremely versatile authentication mechanism. That is to say, apart from regular cloud credentials, Amazon allows to create the so-called IAM roles. An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. Here how a created role looks in the AWS Console:
Now let's see how you can assume the aforementioned role in CloudBerry Explorer. But before we begin, ensure that your CloudBerry Explorer is already authenticated to S3 using credentials of the user that's been assigned to the role you're trying to assume.
Role assumption
Assuming a role in CloudBerry Explorer is no more complicated than adding a few strings in the settings file. You can navigate to the file by going to C:\Users\yourUserName\AppData\Local\CloudBerryLab\CloudBerry Explorer for Amazon S3 in Windows Explorer. Alternatively, you can locate the file via CloudBerry Explorer itself. Under Tools, click Diagnostic.
Click Open in Folder.
Open the settings.list file and add the following attributes to your S3 account (placed between <Settings> and </Settings>):
-
<AssumedRoleARN>arn:aws:iam::Y
ourAccountNumber:role/RoleName </AssumedRoleARN> -
<AssumedRoleExternalId>Externa
lId</AssumedRoleExternalId>
The values for the attributes can be fetched from the AWS Console.
Having done so, save the file and relaunch CloudBerry Explorer. Upon launching your role should be automatically assumed, and the permissions will be set in accordance with your role.