Describe the bug
When creating a new AWS S3 connection with access key/credentials for a new account, if there is an error with the IAM profile, no error is displayed and S3 buckets available to the default AWS profile are listed - even with the option off.
To Reproduce
Steps to reproduce the behavior:
- Set up AWS CLI default profile for AWS account A (with full access to S3 buckets)
- In AWS account B, create an IAM user with a role/policy that has access to a single S3 bucket in account B - the policy we used did not have an action for s3:ListAllMyBuckets, which should cause an error
- Create access key/secret key for user in account B.
- Open Cyberduck and click Open Connection
- Create new Amazon S3 connection, enter access key/secret key for IAM user to access account B, click Connect
- Screen flashes and S3 buckets in account A are listed and user has full access (looks like I just logged into account A with account B user)
- Click Open Connection again
- Enter access key/secret for IAM user to access account B
- Error is displayed that user policy is not correct and no S3 buckets are displayed
Expected behavior
Display error that policy is not correct and do not display any S3 buckets
Desktop (please complete the following information):
- OS: Windows 11
- Version: 9.4.1
Log Files
cyberduck.log
Additional context
Checked Preferences->Profile options and the option S3 (Credentials from AWS Command Line Interface) is not selected.
This caused a bunch of red flags to be raised because the person who found this had default CLI access to all S3 buckets in the same account they were adding the user to, so when it failed when they tested in Cyberduck, it appeared to them that the new user had access to all S3 buckets in the account, not just the S3 bucket they were supposed to have access to.
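When triaging a report like this, it helps to confirm offline that the new user's policy cannot authorize a listing of all buckets, so that any listing shown must have come from other credentials. The following is an added example, not part of the original report and not Cyberduck code: the policy contents, the bucket name `example-bucket`, and modelling the account-level request as resource `arn:aws:s3:::*` are assumptions, and only `Effect`, `Action` and `Resource` are evaluated.

```python
import json
from fnmatch import fnmatchcase

# Constructed policy modelled on the report: one bucket, no s3:ListAllMyBuckets.
# "example-bucket" is a placeholder name.
ACCOUNT_B_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::example-bucket"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}
""")

# Elements this sketch does not evaluate; it refuses them instead of guessing.
UNSUPPORTED = ("Condition", "NotAction", "NotResource")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold=False):
    # '*' and '?' are wildcards; action names are compared case-insensitively.
    if fold:
        return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatchcase(value, p) for p in _as_list(patterns))

def decision(policy, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request
    against a single identity-based policy (no SCPs, boundaries or bucket policies)."""
    verdict = "ImplicitDeny"  # nothing is allowed unless a statement says so
    for stmt in _as_list(policy["Statement"]):
        if any(key in stmt for key in UNSUPPORTED):
            raise ValueError("statement uses an element this sketch does not evaluate")
        if _matches(stmt["Action"], action, fold=True) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit deny overrides any allow
            verdict = "Allow"
    return verdict

if __name__ == "__main__":
    # Assumption: the account-level listing is modelled as resource arn:aws:s3:::*
    print(decision(ACCOUNT_B_POLICY, "s3:ListAllMyBuckets", "arn:aws:s3:::*"))
    print(decision(ACCOUNT_B_POLICY, "s3:ListBucket", "arn:aws:s3:::example-bucket"))
```

An `ImplicitDeny` result for `s3:ListAllMyBuckets` matches the error the report expects on the first connection attempt.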