AWS SSM Hybrid Activation for Windows instances in Azure

0

Hi,

I have enabled AWS SSM hybrid activation for my Azure Windows instances.

The hybrid activation has an IAM role attached with some permissions like S3, etc.

The registration is successful and the Azure instance is also reflected in AWS SSM Fleet Manager.

But from the Windows instances, if I try to do

aws s3 ls

it gives

aws sts get-caller-identity aws : At line:1 char:1

+ aws sts get-caller-identity
    + CategoryInfo : NotSpecified: (:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

<botocore.awsrequest.AWSRequest object at 0x0000020382F109D0>

But the Azure Linux instances are able to use the temporary creds generated by the IAM role attached to the hybrid activation. Any idea what I might be missing?

asked 7 months ago · 396 views
2 answers
0

Which user do you use on the Windows instance? If you completed your activation process with Administrator (e.g., PowerShell in elevated mode), then the credential for the IAM role should only be available for the Administrator.

HS
answered 7 months ago
EXPERT
reviewed 7 months ago
  • I did the activation using the administrator mode, but then also if I try

    aws s3 ls

    from PowerShell in administrator mode, it gives

    <botocore.awsrequest.AWSRequest object at 0x000001CD8BAF8AD0>

  • The aws s3 ls command without a --profile option will use the default profile by default. Can you check the credential and config files (e.g., C:\Users\Administrator\.aws\credentials, C:\Users\Administrator\.aws\config) and see which profile was installed by your activation script? If the profile was not default, you should use the command with the --profile option instead (e.g., aws s3 ls --profile profile_name).

0

Got it working. For some strange reason the .aws folder gets created in

C:\Windows\System32\config\systemprofile\.aws\credentials

so I have to pass

$env:AWS_SHARED_CREDENTIALS_FILE = "C:\Windows\System32\config\systemprofile\.aws\credentials"

then run

aws s3 ls --profile default --region <AWS_REGION>

answered 7 months ago
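
The check and workaround from the answers above, as an added PowerShell example (not code from the posters or from AWS): it looks for a shared credentials file in the current user's default location and in the systemprofile path reported in this thread, lists profile names only, and sets AWS_SHARED_CREDENTIALS_FILE for the current session. The function name Get-AwsProfileNames and the -Region parameter are hypothetical; run it from an elevated prompt.

```powershell
param([Parameter(Mandatory)][string]$Region)   # hypothetical parameter, e.g. the region of the activation
$ErrorActionPreference = 'Stop'

function Get-AwsProfileNames {
    param([Parameter(Mandatory)][string]$Path)
    # Return only section names such as [default]; never echo key material.
    Get-Content -LiteralPath $Path | ForEach-Object {
        if ($_ -match '^\s*\[(.+?)\]\s*$') { $Matches[1].Trim() }
    }
}

# Candidate locations: an existing override, the current user's default path,
# and the path reported in this thread.
$candidates = @(
    $env:AWS_SHARED_CREDENTIALS_FILE,
    (Join-Path $env:USERPROFILE '.aws\credentials'),
    'C:\Windows\System32\config\systemprofile\.aws\credentials'
) | Where-Object { $_ } | Select-Object -Unique

$found = foreach ($path in $candidates) {
    try {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{
                Path     = $path
                Profiles = @(Get-AwsProfileNames -Path $path)
                Modified = (Get-Item -LiteralPath $path).LastWriteTime
            }
        }
    } catch {
        Write-Warning "Cannot read $path (not elevated?): $($_.Exception.Message)"
    }
}
if (-not $found) { throw 'No shared credentials file found in the candidate locations.' }
$found | Format-Table Path, Profiles, Modified -AutoSize

# The credentials are temporary, so prefer the most recently written file
# and reference it in place instead of copying it into a user profile.
$pick = $found | Sort-Object Modified -Descending | Select-Object -First 1
if ($pick.Profiles.Count -eq 0) { throw "No profile sections in $($pick.Path)" }
$profileName = if ($pick.Profiles -contains 'default') { 'default' } else { $pick.Profiles[0] }

$env:AWS_SHARED_CREDENTIALS_FILE = $pick.Path   # affects this session only
aws sts get-caller-identity --profile $profileName --region $Region
```

If the identity returned is the role attached to the hybrid activation, the same `--profile` and `--region` values will work for `aws s3 ls`.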
