执行aws cli命令时出现以下错误:aws ec2 describe-instances --filters "Name=instance-type,Values=m1.small"
:
A client error (AuthFailure) occurred when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials
凭据来自以下脚本:
import boto3
sts_client = boto3.client('sts')
assumedRoleObject = sts_client.assume_role(
RoleArn="arn:aws:iam::<>:role/service-role/Test-Project",
RoleSessionName="AssumeRoleSession2"
)
credentials = assumedRoleObject['Credentials']
print credentials['AccessKeyId']
print "#"*100
print credentials['SecretAccessKey']
print "#"*100
print credentials['SessionToken']
print "#"*100
我已经测试了在该角色上启用Admin Access。还是行不通。
角色的信任关系如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*",
"arn:aws:iam::<>:user/<username>"
],
"Service": [
"lambda.amazonaws.com",
"ec2.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
答案 0 :(得分:0)
我只能想到两个原因,为什么它不起作用,只需检查它是否适合你的情况。
只是为了确保您在会话中输出所有3个变量,即
export AWS_ACCESS_KEY_ID="ASIAI******JQ"
export AWS_SECRET_ACCESS_KEY="n******u1pRocjL"
export AWS_SESSION_TOKEN="FQ*****vKJKTisUF"
或者如果您在本地计算机上使用凭证文件,则其中包含所有3个变量,并且在默认配置文件下也是如此。
此外,由于会话令牌默认有效一小时,只需检查您的机器时间是否不同步(可能性较小但值得检查。)