How to retrieve temporary credentials using REST API or by using AssumeRole in AWS SDK

0

Hi, I've been trying to retrieve temporary credentials using a role ARN but I'm getting an error of EC2 Metadata not found in the AWS SDK. Thanks

asked 2 years ago, 380 views
2 Answers
0

Hello

You can't get the credentials for your current role, so you need to call the sts:AssumeRole API.

Here is an example with Python boto3.

You can now use the s3_client to call S3 using the role you just assumed.

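import boto3

# STS client built from whatever credentials the default provider chain finds
sts_client = boto3.client('sts')

role_arn = "MyRoleArn"  # placeholder: replace with the full ARN of the role to assume

role_credentials = sts_client.assume_role(
  RoleArn=role_arn,
  RoleSessionName='MySessionName',
)['Credentials']

# Print only non-secret fields; SecretAccessKey and SessionToken must not reach logs
print(f"{role_credentials['AccessKeyId']} expires {role_credentials['Expiration']}")

# S3 client that signs requests with the temporary credentials of the assumed role
s3_client = boto3.client('s3',
    aws_access_key_id=role_credentials['AccessKeyId'],
    aws_secret_access_key=role_credentials['SecretAccessKey'],
    aws_session_token=role_credentials['SessionToken']
)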

NOTE: Be super careful with logging because the role_credentials variable contains your actual credentials.

Hope this helps!

//Carl

answered 2 years ago
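
One way to enforce the logging caution in the answer above, as an added example that is not part of the original answer: a logging filter that masks the secret parts of an assume_role() result before any record is written. The names StsSecretScrubber and assume_role_session are hypothetical, and the sample values are constructed.

```python
import logging

SECRET_FIELDS = ("SecretAccessKey", "SessionToken")
MASK = "***REDACTED***"

class StsSecretScrubber(logging.Filter):
    """Logging filter that masks registered STS secrets in every record."""

    def __init__(self):
        super().__init__()
        self._secrets = set()

    def register(self, credentials):
        # Remember the secret parts of an assume_role()['Credentials'] dict.
        for field in SECRET_FIELDS:
            if credentials.get(field):
                self._secrets.add(credentials[field])

    def scrub(self, text):
        for secret in self._secrets:
            text = text.replace(secret, MASK)
        return text

    def filter(self, record):
        # Render the message first so secrets passed as %-args are caught too.
        record.msg, record.args = self.scrub(record.getMessage()), None
        return True

def assume_role_session(role_arn, session_name, scrubber):
    """Assume role_arn and return a boto3 Session using the temporary credentials."""
    import boto3  # lazy import: the scrubber above has no AWS dependency
    creds = boto3.client("sts").assume_role(
        RoleArn=role_arn, RoleSessionName=session_name
    )["Credentials"]
    scrubber.register(creds)
    logging.getLogger(__name__).info("assumed %s, expires %s", role_arn, creds["Expiration"])
    return boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"AccessKeyId": "ASIACONSTRUCTED00000",
              "SecretAccessKey": "constructed-secret-not-real",
              "SessionToken": "constructed-token-not-real"}
    scrubber = StsSecretScrubber()
    scrubber.register(sample)
    print(scrubber.scrub(f"creds={sample}"))
```

Attach the filter to handlers (handler.addFilter) rather than to a single logger so that records from child loggers also pass through it; it does not cover print().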
0

Your question seems to indicate that you are running on an EC2 instance. If you are running code on an EC2 instance, the recommended way to get credentials is to use roles for Amazon EC2.

Here is the link to documentation on using temporary credentials, including how to use them with SDKs: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html

AWS
Ashu
answered 2 months ago
