2 réponses
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hello
You cant get the credentials for your current role, so you need to call sts:AssumeRole API.
Here is an example with python boto3.
You can now use the s3_client
to call S3 using the role you just assumed.
import boto3
sts_client = boto3.client('sts')
role_arn = "MyRoleArn"
role_credentials = sts_client.assume_role(
RoleArn=role_arn,
RoleSessionName='MySessionName',
)['Credentials']
print(f"{role_credentials}")
s3_client = boto3.client('s3',
aws_access_key_id=role_credentials['AccessKeyId'],
aws_secret_access_key=role_credentials['SecretAccessKey'],
aws_session_token=role_credentials['SessionToken']
)
NOTE: Be super careful with logging because the
role_credentials
variable continues your actual credentials.
Hope this helps!
//Carl
répondu il y a 2 ans
0
Your question seems to indicate that you are running on an EC2 instance. If you are running code on EC2 instance, the recommended way to get credentials is to use roles for Amazon EC2..
Here is the link to documentation on using temporary credentials, including how to use them with SDKs: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
répondu il y a 3 mois
Contenus pertinents
- demandé il y a 6 mois
- demandé il y a 2 mois
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a un an