Hi,
You will have to have assumed a role before each access to S3 from whichever place you run the code: your laptop, EC2 instance, ECS container, Lambda function, etc.
So, it means that you will have to touch your application code to make sure that you've called STS AssumeRole before each S3 access. And you may have to renew this AssumeRole as it lasts only a time given in the role definition.
Here is a full example of what you have to do for an EC2 instance accessing S3 via a role: https://medium.com/@ernestosafo11/accessing-s3-with-aws-iam-roles-872621e31037
You will have to make sure to update your execution roles so that 1/ they get access to S3 or 2/ they get the permission needed to assume the role giving access to S3 in cascade of the execution role.
A useful command to add to your code is STS GetCallerIdentity wherever you manage an AccessDenied exception: it will help you understand under which incorrect principal you access S3 so that you can fix credentials.
And yes, the security posture of your company will be improved by using transient roles instead of permanent credentials.
Best,
Didier
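
The steps described in the answer above, as an added example that is not part of the original post or an AWS sample: a Java client that assumes a role through STS before accessing S3, lets the SDK renew the session, and calls GetCallerIdentity when S3 returns 403. It assumes the AWS SDK for Java 2.x (`s3` and `sts` modules); the role ARN, bucket name, session name and region are placeholders.

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.S3Exception;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;

public class AssumeRoleS3Example {
    // Placeholders (assumptions, not values from the thread): use your own.
    static final String ROLE_ARN = "arn:aws:iam::111122223333:role/EXAMPLE-S3-ACCESS-ROLE";
    static final String BUCKET = "EXAMPLE-BUCKET";
    static final Region REGION = Region.EU_WEST_1;

    public static void main(String[] args) {
        // The base STS client uses the default credential chain: instance
        // profile, ECS task role, Lambda execution role or a local profile.
        try (StsClient sts = StsClient.builder().region(REGION).build();
             // Calls AssumeRole on first use and again before the session
             // expires, so the application does not renew it by hand.
             StsAssumeRoleCredentialsProvider roleCreds =
                 StsAssumeRoleCredentialsProvider.builder()
                     .stsClient(sts)
                     .refreshRequest(r -> r.roleArn(ROLE_ARN)
                                           .roleSessionName("s3-access-example")
                                           .durationSeconds(900))
                     .build();
             S3Client s3 = S3Client.builder()
                     .region(REGION)
                     .credentialsProvider(roleCreds)
                     .build()) {

            // This principal is the one that needs sts:AssumeRole on ROLE_ARN.
            System.out.println("Base principal: " + sts.getCallerIdentity().arn());
            try {
                s3.listObjectsV2(b -> b.bucket(BUCKET).maxKeys(10))
                  .contents()
                  .forEach(o -> System.out.println(o.key()));
            } catch (S3Exception e) {
                if (e.statusCode() == 403) {
                    // Report which principal S3 actually saw for this request.
                    try (StsClient asRole = StsClient.builder().region(REGION)
                            .credentialsProvider(roleCreds).build()) {
                        System.err.println("S3 denied access for: "
                                + asRole.getCallerIdentity().arn());
                    }
                }
                throw e;
            }
        }
    }
}
```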
Where are you running your Java code? Are you doing that on an AWS-provided compute platform, such as an EC2 instance or Lambda function, or are you running it on your laptop or a server hosted on premises or elsewhere outside AWS?
Hi Didier, Thank you for the response. But, it still doesn't answer my actual question. Any sample code to enable AssumeRole access using .NET and Java SDK libraries?
Thanks & Regards, ~Venki