CodeArtifact setting error - sts:GetServiceBearerToken

Question

I'm trying to set CodeArtifact so that I created domain and repository by manual. But whenever I put command line to access repo it give me back error message like below. Would you help me? I already add a "AWSCodeArtifactAdminAccess" permission on IAM Identity Center

Command line : aws codeartifact login --tool npm --repository npm-store --domain domain-npm --domain-owner 111111111 --region us-east-1

Error msg : when calling the GetAuthorizationToken operation: User: arn:aws:iam::111111111:root is not authorized to perform: sts:GetServiceBearerToken on resource: arn:aws:iam::111111111:root

Hi Im trying to set CodeArtifact so that I created domain and repository by manual. But whenever I put command line to access repo it give me back error message like below. Would you help me? I already add a "AWSCodeArtifactAdminAccess" permission on IAM Identity Center

Command line : aws codeartifact login --tool npm --repository npm-store --domain domain-npm --domain-owner 111111111 --region us-east-1

Error msg : when calling the GetAuthorizationToken operation: User: arn:aws:iam::111111111:root is not authorized to perform: sts:GetServiceBearerToken on resource: arn:aws:iam::111111111:root

Accepted Answer

I solved it. I was trying to get access to codeartifact repo from EC2 without login(aws configure). 
 I assigned a Access keys to a user account and then tried it again after login, it worked.

Answer

The permission below is also given to a user on IAM Identity Center

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": [
				"codeartifact:*"
			],
			"Effect": "Allow",
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": "sts:GetServiceBearerToken",
			"Resource": "*",
			"Condition": {
				"StringEquals": {
					"sts:AWSServiceName": "codeartifact.amazonaws.com"
				}
			}
		}
	]
}

CodeArtifact setting error - sts:GetServiceBearerToken

相关内容