AWS验证凭证 [英] AWS validating Credentials

问题描述

说我从用户那里获得了一组访问密钥， 有没有办法验证它们?

Say I get a set of access keys from a user, Is there a way to validate them?

目前，我正在对诸如以下方法进行简单的API调用: describeVolumes()，describeLoadBalancers()或describeAddresses() 并使用异常代码来验证凭据.

For now I'm making simple API calls to methods like, describeVolumes(), describeLoadBalancers() or describeAddresses() and work with Exception codes to validate the Credentials.

但是，如果我不知道该怎么办? 有没有更好的方法来验证凭据?

But what if I don't know the service? Is there a better way to validate the Credentials?

推荐答案

如果您只是希望验证凭据是否正确，那么您当前的方法是好的:

If you simply wish to validate whether the Credentials are "correct", then your current method is good:

• 向AWS发出请求
• 检查返回码
• 如果响应为InvalidAccessKeyId，则凭据无效

• Make a request to AWS
• Examine the return code
• If the response is InvalidAccessKeyId then the credentials are invalid

这与检查用户是否具有权限来进行API调用不同.使用 IAM策略模拟器，可以确定他们是否具有正确的权限.或尝试呼叫并检查响应(例如AccessDenied).

This is different to checking whether the user has Permissions to make the API call. Determining whether they have the correct permissions could be done using the IAM Policy Simulator or by attempting a call and checking the response (eg AccessDenied).

这篇关于AWS验证凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！