How Amazon Security Token Service Works

This feature is only available on FileZilla Pro, if you didn’t buy it yet you can buy FileZilla Pro from our Store.

You can access S3 resources that belong to another user by using temporary credentials provided by the AWS Security Token Service (STS). This is done by assuming a role created by the granting user.

  1. In Site Manager edit your S3 entry.
  2. In the S3 tab enter:
    • Role ARN (Amazon Resource Name): this identifies the role created by the granting
      user. Your user will assume this role.
    • MFA Device Serial: your MFA (Multi-factor authentication) device identification if the
      role trust policy requires multi-factor authentication. This can be either a serial for a
      physical device or a registered ARN for a virtual device (eg an authentication app in your smartphone).

    When connecting and if the MFA device serial is configured you will be asked to provide
    the token code generated by the MFA device:

Tags: , , ,