
Enhance S3 to S3 Transfer Tutorial using AWS Temp Credentials (AWS STS Token) #169

Open
hemantxpatel opened this issue Dec 1, 2023 · 0 comments


Current Setup

Assume Alice is the provider connector and Bob is the consumer connector.
Bob shares its actual AWS credentials with Alice to initiate the file transfer. Bob should generate an AWS temporary token with limited access and expiry. Alice can misuse Bob's credentials.

Issue

MinIO has limited support for STS tokens. We can generate an STS token using the AWS CLI:

aws --endpoint-url http://localhost:9000 sts assume-role --policy '{"Version":"2012-10-17","Statement":[{"Sid":"S3Access","Effect":"Allow","Action":"s3:*","Resource":"arn:aws:s3:::*"}]}' --role-arn arn:xxx:xxx:xxx:xxxx --role-session-name anything --duration-seconds $((365 * 86400))

This command returns a response similar to:

{
    "Credentials": {
        "AccessKeyId": "6V6DRU6086RMH7D9LEN0",
        "SecretAccessKey": "PH8eyvr+5G7iydON8t2mgaTXgjH8JOFXlBQsphPa",
        "SessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI2VjZEUlU2MDg2Uk1IN0Q5TEVOMCIsImV4cCI6MTczMjk2ODI0MiwicGFyZW50IjoiYWxpY2Vhd3NjbGllbnQiLCJzZXNzaW9uUG9saWN5IjoiZXlKV1pYSnphVzl1SWpvaU1qQXhNaTB4TUMweE55SXNJbE4wWVhSbGJXVnVkQ0k2VzNzaVUybGtJam9pVXpOQlkyTmxjM01pTENKRlptWmxZM1FpT2lKQmJHeHZkeUlzSWtGamRHbHZiaUk2SW5Nek9pb2lMQ0pTWlhOdmRYSmpaU0k2SW1GeWJqcGhkM002Y3pNNk9qb3FJbjFkZlE9PSJ9.9WvwmfUyeES0VxbPPzVH0fOdlh_Y394BcxCscZp4EszliIFqgpwNKaUe-OeE8SKyKHN3QM5IGCrjMPQAv0FAig",
        "Expiration": "2024-11-30T12:04:02+00:00"
    },
    "AssumedRoleUser": {
        "Arn": ""
    }
}

Now this new token is not accepted by MinIO. Alice's connector-dataplane throws an error:

software.amazon.awssdk.services.s3.model.S3Exception: The Access Key Id you provided does not exist in our records.
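As an added example (not code from this issue, from MinIO, or from the connector project), the following Python shows the two consumer-side steps the report argues for: a session policy scoped to one bucket and key prefix instead of the s3:* on arn:aws:s3:::* used in the command above, and handling of the AssumeRole response that enforces an expiry bound and hands the session token over together with the key pair. The bucket, prefix and response values are constructed placeholders; the returned keyword names are the ones a boto3 client constructor accepts.

```python
from datetime import datetime, timezone

# Constructed sample shaped like the AssumeRole response in the issue; not real credentials.
SAMPLE_STS_RESPONSE = {"Credentials": {
    "AccessKeyId": "EXAMPLEKEYID", "SecretAccessKey": "EXAMPLESECRET",
    "SessionToken": "EXAMPLE.SESSION.TOKEN", "Expiration": "2024-11-30T12:04:02+00:00"}}


def scoped_session_policy(bucket: str, prefix: str, write: bool = False) -> dict:
    """Session policy for AssumeRole limited to one bucket and key prefix (list, read, optionally write)."""
    actions = ["s3:GetObject"] + (["s3:PutObject"] if write else [])
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListPrefix", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{bucket}",
         "Condition": {"StringLike": {"s3:prefix": f"{prefix}*"}}},
        {"Sid": "ObjectAccess", "Effect": "Allow", "Action": actions,
         "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"}]}


def is_overly_broad(policy: dict) -> bool:
    """True if any Allow statement grants all S3 actions on all buckets (as in the issue's CLI call)."""
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if ({"*", "s3:*"} & set(actions)) and ({"*", "arn:aws:s3:::*"} & set(resources)):
            return True
    return False


def client_credentials(sts_response: dict, max_lifetime_s: int, now_iso: str = "") -> dict:
    """Extract the credential triple an S3 client needs from an AssumeRole response.

    Rejects credentials that are already expired or that live longer than max_lifetime_s.
    The session token must travel with the key pair: a temporary access key presented
    on its own is not known to the service. now_iso overrides the clock for testing.
    """
    creds = sts_response["Credentials"]
    now = datetime.fromisoformat(now_iso) if now_iso else datetime.now(timezone.utc)
    remaining = (datetime.fromisoformat(creds["Expiration"]) - now).total_seconds()
    if remaining <= 0:
        raise ValueError("temporary credentials have already expired")
    if remaining > max_lifetime_s:
        raise ValueError(f"credentials valid for {remaining:.0f}s, limit is {max_lifetime_s}s")
    return {"aws_access_key_id": creds["AccessKeyId"],
            "aws_secret_access_key": creds["SecretAccessKey"],
            "aws_session_token": creds["SessionToken"]}
```

The policy dict is what goes into the --policy argument of assume-role, and the returned dict is what the data plane should be given instead of Bob's long-lived keys.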