特别是,在测试环境中使用DefaultAWSCredentialsProviderChain时,AWS SDK会选择哪一组凭据会令人惊讶。为此,找出用于提出请求的用户或角色会很有帮助。
我尝试使用以下代码:
AmazonIdentityManagement amazonIdentityManagement = AmazonIdentityManagementClient
.builder()
.withRegion(REGION)
.build();
User user = amazonIdentityManagement.getUser().getUser();
log.info("AWS self-check successful with user {}: {}", user.getUserName(), user.getArn());
如果用户有权查询IAM, 。在我的测试系统上,我得到:
com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException:
User: arn:aws:iam::999:user/test.developer is not authorized to perform: iam:GetUser on resource: arn:aws:iam::999:user/test.developer
(Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: xxx)
这接近我想要包含在异常中的内容。我可以直接获取arn String吗?
答案 0 :(得分:0)
是的,只要用户有权限执行就可以获取ARN:iam:GetUser。 我正在测试类似的东西,所以我可以确认。