Powershell:使用临时凭证访问AWS s3存储桶

时间:2016-07-27 06:18:34

标签: amazon-s3 powershell-v2.0

我想首先创建临时凭证,然后为该用户承担角色。使用该临时凭证,我想访问s3存储桶以对它们执行某些操作。但是当我尝试使用临时accessKey和secretKey访问存储桶时,我们的记录中不存在像AWS访问密钥ID这样的抛出执行。 请帮我解决。

P.S:我是PowerShell的新手(使用v2.0)。

param([String]$profile , [string]$mfaVal)

function Get-IniContent ($filePath)
{
    $ini = @{}
    switch -regex -file $FilePath
    { 
    “^\[(.+)\]” # Section
        {
            $section = $matches[1]
            $ini[$section] = @{}
            $CommentCount = 0
        }
    “^(;.*)$” # Comment
        {
            $value = $matches[1]
            $CommentCount = $CommentCount + 1
            $name = “Comment” + $CommentCount
       # $ini[$section][$name] = $value
        } 
    “(.+?)\s*=(.*)” # Key
        {
            $name,$value = $matches[1..2]
            $ini[$section][$name] = $value
        }
    }
    return $ini
}

Add-Type -Path "C:\Program Files (x86)\AWS SDK for .NET\past-releases\Version-1\AWSSDK.dll"

Write-Host $psboundparameters.count

if ($psboundparameters.count -lt 2){
    echo "\r\nWrong parameter values. Please see the usage below. \n\r
    Usage: Get_s3_bucket_objects.ps1 [profile name (test | preprod | prod)] [MFA code]\r\n\r\n";
    exit;
}

$ini = Get-IniContent “C:\Users\Desktop\config.ini”

$bucket = $ini[$profile]["bucketName"]
$accountID = $ini[$profile]["accountID"]
$encKey = $ini[$profile]["encKey"]
$userName =$ini[$profile]["userName"]
$secretKey =$ini[$profile]["secret"]
$accessKey =$ini[$profile]["key"]

Set-AWSCredentials -AccessKey AAHSAI2ER4FDQ -SecretKey BaxkYl9eR/0X9SJTmIy/sajdfgav -StoreAs TestProfile

Initialize-AWSDefaults -ProfileName TestProfile -Region us-east-1

$mfa = "arn:aws:iam::$accountID:mfa/testUser"
$roleArn = "arn:aws:iam::$accountID:role/download-for-signing"
$sessionName = "session_name"

$role = Use-STSRole -RoleArn $roleArn -RoleSessionName $sessionName -DurationInSeconds 900 -ExternalId testUser -SerialNumber $mfa -TokenCode $mfaVal -StoredCredentials TestProfile

$tempAccessKey = $role.Credentials.AccessKeyId
$tempSecretKey = $role.Credentials.SecretAccessKey

$client=[Amazon.AWSClientFactory]::CreateAmazonS3Client($tempAccessKey,$tempSecretKey)
$client.ListBuckets()

Clear-AWSCredentials -StoredCredentials TestProfile

获取例外情况:

"Exception calling "ListBuckets" with "0" argument(s): "The AWS Access Key Id you provided does not exist in our records." At C:\Users\Desktop\Get_s3_bucket_objects.ps1:91 char:20 + $client.ListBuckets <<<< ()
+ CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

1 个答案:

答案 0 :(得分:0)

我在R中使用aws.s3包时遇到了类似的错误。当我从AWS复制访问密钥ID和密钥并将它们粘贴到我的代码中时,我发现我正在拾取额外的非文本字符。在这些方面。

$secretKey =$ini[$profile]["secret"]
$accessKey =$ini[$profile]["key"]

我重新输入了第一个和最后几个字母和引号,并且很高兴。