2 Answers
1
Encountered this same problem today as well. What I did to overcome this was assume a Role in Account B, set the credentials in the AWS.config.credentials with the temp creds, then create the IotData object with the IoT endpoint before you publish the message.
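```javascript
const AWS = require('aws-sdk'); // AWS SDK for JavaScript v2
const STS = new AWS.STS();

exports.handler = async () => {
  // Assume the role in Account B to obtain temporary credentials
  let credentials = await STS.assumeRole({
    RoleArn: 'arn:aws:iam::123456789:role/iotRole',
    RoleSessionName: 'testRoleSessionName'
  }).promise();

  const remoteCredentials = new AWS.Credentials(
    credentials.Credentials.AccessKeyId,
    credentials.Credentials.SecretAccessKey,
    credentials.Credentials.SessionToken);

  // IotData client bound to Account B's endpoint and the temporary credentials
  const iotData = new AWS.IotData({
    endpoint: 'a3m99gntexample-ats.iot.us-east-1.amazonaws.com', // IoTEndpoint of Account B
    credentials: remoteCredentials
  });

  // Publish to the topic in Account B
  const data = await iotData.publish({
    topic: `topicfilter/data/clientIdHere`,
    payload: JSON.stringify({event: 'whatever'}),
    qos: 1
  }).promise();
  return data;
};
```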
Be sure to give the Lambda's execution role in Account A the permission to STS:AssumeRole and set up the "iotRole" in Account B to trust Account A.
Edited by: jofamaws on May 5, 2020 12:39 PM
answered 4 years ago
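The two permissions the answer calls for (sts:AssumeRole for the Lambda role in Account A, and a trust relationship on iotRole in Account B), written out as least-privilege policy documents with a small linter that flags broader variants. This is an added example, not part of the original answer; Account A's ID, the role name `lambdaExecRole`, the `iot:Publish` policy on iotRole and the `lintPolicy` helper are assumptions.

```javascript
// Added example: the IAM documents for the cross-account publish flow, plus a linter.
// Account A's ID and the Lambda role name are constructed placeholders.
const ACCOUNT_A = '111111111111';            // constructed placeholder
const ACCOUNT_B = '123456789';               // account ID as written in the answer
const LAMBDA_ROLE = `arn:aws:iam::${ACCOUNT_A}:role/lambdaExecRole`; // hypothetical name
const IOT_ROLE = `arn:aws:iam::${ACCOUNT_B}:role/iotRole`;

// Attached to the Lambda execution role in Account A: may assume only iotRole.
const callerPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: 'sts:AssumeRole', Resource: IOT_ROLE }]
};

// Trust policy on iotRole in Account B: names the one calling role, not the account root.
const trustPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Principal: { AWS: LAMBDA_ROLE }, Action: 'sts:AssumeRole' }]
};

// Permissions policy on iotRole (assumed): publish only, under the answer's topic prefix.
const iotRolePolicy = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Action: 'iot:Publish',
    Resource: `arn:aws:iot:us-east-1:${ACCOUNT_B}:topic/topicfilter/data/*`
  }]
};

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns findings for Allow statements that are broader than this flow needs.
function lintPolicy(name, policy) {
  const findings = [];
  for (const s of asList(policy.Statement)) {
    if (s.Effect !== 'Allow') continue;
    for (const a of asList(s.Action)) {
      if (a.includes('*')) findings.push(`${name}: wildcard action ${a}`);
    }
    if (asList(s.Resource).includes('*')) findings.push(`${name}: Resource "*"`);
    const principals = s.Principal === '*' ? ['*'] : asList((s.Principal || {}).AWS);
    for (const p of principals) {
      if (p === '*') findings.push(`${name}: any principal may assume the role`);
      else if (/:root$/.test(p) || /^\d+$/.test(p)) findings.push(`${name}: trusts a whole account (${p})`);
    }
  }
  return findings;
}
```
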