AWS SSM Hybrid Activation for Windows instances in Azure

0

Hi,

I have enabled AWS SSM hybrid activation for my Azure Windows instances.

The hybrid activation has an IAM role attached with some permissions, like S3, etc.

The registration is successful and the Azure instance is also reflected in AWS SSM Fleet Manager.

But from the Windows instances, if I try to do

aws s3 ls

it gives

    aws sts get-caller-identity
    aws : At line:1 char:1
    + aws sts get-caller-identity
    + CategoryInfo : NotSpecified: (:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

    <botocore.awsrequest.AWSRequest object at 0x0000020382F109D0>

But the Azure Linux instances are able to use the temporary creds generated by the IAM role attached to the hybrid activation. Any idea what I might be missing?

posted 7 months ago, 396 views
2 Answers
0

Which user do you use on the Windows instance? If you completed your activation process as Administrator (e.g., PowerShell in elevated mode), then the credentials for the IAM role should only be available to the Administrator.

HS
answered 7 months ago
EXPERT
verified 7 months ago
  • I did the activation in administrator mode, but even then, if I try

    aws s3 ls

    from PowerShell in administrator mode, it gives

    <botocore.awsrequest.AWSRequest object at 0x000001CD8BAF8AD0>

  • The aws s3 ls command without a --profile option uses the default profile by default. Can you check the credentials and config files (e.g., C:\Users\Administrator\.aws\credentials, C:\Users\Administrator\.aws\config) and see which profile was installed by your activation script? If the profile was not default, use the command with the --profile option instead (e.g., aws s3 ls --profile profile_name).

0

Got it working. For some strange reason the .aws folder gets created in

C:\Windows\System32\config\systemprofile\.aws\credentials

so I have to set

$env:AWS_SHARED_CREDENTIALS_FILE = "C:\Windows\System32\config\systemprofile\.aws\credentials"

then run

aws s3 ls --profile default --region <AWS_REGION>

answered 7 months ago
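A PowerShell check that follows from the two answers above, added here as an example and not part of the original thread: it looks for the credentials file both in the signed-in user's profile and in the SYSTEM profile path the accepted answer reports, lists the profile names the file contains (the check HS asked for), and points the CLI at it for the current session. The function names are this example's own, and it assumes AWS_REGION is set in the environment.

```powershell
# Added example: locate the credentials file written by the SSM hybrid
# activation and point the AWS CLI at it. The SSM agent runs as SYSTEM, so
# the file can land under the SYSTEM profile rather than the signed-in user's.
# Function names here are this example's own, not AWS tooling.

function Find-SsmCredentialsFile {
    # Candidate locations, in the order a user would expect; the last one is
    # the SYSTEM profile path reported in the accepted answer.
    $candidates = @(
        (Join-Path $env:USERPROFILE '.aws\credentials'),
        'C:\Windows\System32\config\systemprofile\.aws\credentials'
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) { return $path }
    }
    return $null
}

function Get-AwsProfileNames {
    param([Parameter(Mandatory)][string]$Path)
    # The credentials file is INI-style: each "[name]" header is one profile.
    Get-Content -LiteralPath $Path | ForEach-Object {
        if ($_ -match '^\s*\[(?<name>[^\]]+)\]\s*$') { $Matches['name'] }
    }
}

$credFile = Find-SsmCredentialsFile
if (-not $credFile) {
    Write-Error 'No credentials file found; was the activation completed in an elevated session?'
    return
}

$profiles = @(Get-AwsProfileNames -Path $credFile)
Write-Host "Credentials file: $credFile"
Write-Host "Profiles: $($profiles -join ', ')"

# Point the CLI at the file for this session only. Do not relax the ACL on the
# SYSTEM profile path instead: these are the role's credentials, and reading
# them should stay limited to administrators and SYSTEM.
$env:AWS_SHARED_CREDENTIALS_FILE = $credFile
$profileName = if ($profiles -contains 'default') { 'default' } else { $profiles[0] }

# Confirm which principal the CLI now resolves to before calling other services.
# Assumes AWS_REGION is already set in the environment.
aws sts get-caller-identity --profile $profileName --region $env:AWS_REGION
```

Run it from the same elevated PowerShell session used for the activation; the environment variable does not persist to other sessions.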
