当Ec2作为角色运行时尝试在AWS中获取会话令牌时出错 [英] Error when Ec2 running as a role tries to get a Session Token in AWS

问题描述

我正在使用具有以下权限的角色在EC2上运行应用程序:

I'm running a app on an EC2 using a role with the the permissions:

"sts:GetSessionToken",
"sts:AssumeRole"

当我尝试使用该角色获取临时凭据时，出现错误:

When I try to obtain temporary credentials using that role, I get the error:

Cannot call GetSessionToken with session credentials (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied;

我是否缺少该角色的一个或多个权限才能获得临时会话凭据?

Am I missing one or more permissions for the role to be able to obtain temporary session credentials?

推荐答案

根据AWS支持，角色无法请求临时凭证.只有实际的用户才能这样做.

According to AWS support, roles cannot request temporary credentials. Only actual Users can do that.

一种解决方法是使用角色的凭据.它们每小时都会滚动一次，因此它们是临时的(尽管已硬编码为1小时TTL)

A work around is to use the role's credentials. They get rolled over every hour, so they are temporary (albeit hard coded to 1 hour TTL)

这篇关于当Ec2作为角色运行时尝试在AWS中获取会话令牌时出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！