使用在aws-sdk中扮演角色的配置文件(AWS JavaScript SDK) [英] using profile that assume role in aws-sdk (AWS JavaScript SDK)

查看：257 发布时间：2020/5/18 1:59:56 node.js aws-sdk aws-sdk-nodejs

本文介绍了使用在aws-sdk中扮演角色的配置文件(AWS JavaScript SDK)的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

使用适用于JavaScript的AWS开发工具包，我想使用承担角色的默认配置文件.这与AWS CLI完美配合.将node.js与SDK结合使用不会承担此角色，而只会使用访问密钥所属的AWS账户的凭证. 我找到了此文档，但没有涉及扮演以下角色:解决方案

CLI和SDK的工作方式不同，因为在使用SDK时必须明确承担角色. SDK不会像CLI那样自动从配置中承担角色.

担任角色之后，必须使用新的凭证更新AWS.config.

这对我有用:

var AWS = require('aws-sdk');
AWS.config.region = 'us-east-1';

var sts = new AWS.STS();
sts.assumeRole({
  RoleArn: 'arn:aws:iam::123456789:role/Developer',
  RoleSessionName: 'awssdk'
}, function(err, data) {
  if (err) { // an error occurred
    console.log('Cannot assume role');
    console.log(err, err.stack);
  } else { // successful response
    AWS.config.update({
      accessKeyId: data.Credentials.AccessKeyId,
      secretAccessKey: data.Credentials.SecretAccessKey,
      sessionToken: data.Credentials.SessionToken
    });
  }
});

Using the AWS SDK for JavaScript, I want to use a default profile that assumes the a role. This works perfectly with the AWS CLI. Using node.js with the SDK does not assume the role, but only uses credentials to the AWS account that the access key belongs to. I've found this documentation but it does not deal with assuming a role: http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-shared.html

Any tips?

This is my config file:

[default]
role_arn = arn:aws:iam::123456789:role/Developer
source_profile = default
output = json
region = us-east-1

解决方案

The CLI and SDK work differently, in that you must explicitly assume the role when using the SDK. The SDK doesn't automatically assume the role from the config as the CLI does.

After the role is assumed, the AWS.config must be updated with the new credentials.

This works for me:

var AWS = require('aws-sdk');
AWS.config.region = 'us-east-1';

var sts = new AWS.STS();
sts.assumeRole({
  RoleArn: 'arn:aws:iam::123456789:role/Developer',
  RoleSessionName: 'awssdk'
}, function(err, data) {
  if (err) { // an error occurred
    console.log('Cannot assume role');
    console.log(err, err.stack);
  } else { // successful response
    AWS.config.update({
      accessKeyId: data.Credentials.AccessKeyId,
      secretAccessKey: data.Credentials.SecretAccessKey,
      sessionToken: data.Credentials.SessionToken
    });
  }
});

这篇关于使用在aws-sdk中扮演角色的配置文件(AWS JavaScript SDK)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

使用在aws-sdk中扮演角色的配置文件(AWS JavaScript SDK) [英] using profile that assume role in aws-sdk (AWS JavaScript SDK)

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

使用在aws-sdk中扮演角色的配置文件(AWS JavaScript SDK) [英] using profile that assume role in aws-sdk (AWS JavaScript SDK)

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭