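import boto
import boto3
from boto.s3.connection import S3Connection
from boto.sts import STSConnection

# Prompt for MFA time-based one-time password (TOTP). Strip surrounding
# whitespace so a pasted code with a trailing space/newline is not rejected
# by STS as an invalid TokenCode.
mfa_TOTP = raw_input("Enter the MFA code: ").strip()

# Role to assume and the MFA device registered on the calling IAM user.
# NOTE(review): the account ID in role_arn (123456789012) is not the one in
# the MFA device ARN (760787039612). Each ARN must name the account that
# actually owns the role / the MFA device, otherwise AssumeRole is denied.
role_arn = "arn:aws:iam::123456789012:role/TestOperator"
mfa_serial = "arn:aws:iam::760787039612:mfa/C34768"

client = boto3.client('sts')
response = client.assume_role(
    RoleArn=role_arn,
    SerialNumber=mfa_serial,
    RoleSessionName="test",
    TokenCode=mfa_TOTP,
)

# The response carries temporary credentials (AccessKeyId, SecretAccessKey,
# SessionToken). Do not print or log the whole object; show only the
# non-secret fields needed to confirm the call succeeded.
print("Assumed role: %s" % response['AssumedRoleUser']['Arn'])
print("Credentials expire at: %s" % response['Credentials']['Expiration'])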
即使使用有效的 MFA TokenCode 运行上述代码，仍然会出现以下错误：
ClientError:调用AssumeRole操作时发生错误(AccessDenied):MultiFactorAuthentication失败,一次性密码无效。
感谢任何帮助。
除非您是为了发帖才把帐号 ID 换成了随机值（这是个好主意），否则您忘记在角色 ARN 中填入真实的帐号 ID 了：
role_arn = "arn:aws:iam::123456789012:role/TestOperator"
应该是
role_arn = "arn:aws:iam::760787039612:role/TestOperator"
我通过在代码中做以下更改解决了 MFA 令牌的问题：
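import boto3

# All inputs are read interactively so that no role ARN, MFA serial or
# one-time code is hard-coded in source.
role_arn = raw_input("Enter the RoleArn of switch user: ")
SerialNumber = raw_input("Enter the MFA SerialNumber: ")
RoleSessionName = raw_input("Enter the RoleSessionName: ")
# Strip whitespace so a pasted code with a trailing newline is not rejected.
mfa_TOTP = raw_input("Enter the MFA code: ").strip()
# `region` was used below but never defined in the original (NameError).
region = raw_input("Enter the AWS region (e.g. us-east-1): ").strip()

client = boto3.client('sts')
response = client.assume_role(
    RoleArn=role_arn,
    SerialNumber=SerialNumber,
    RoleSessionName=RoleSessionName,
    TokenCode=mfa_TOTP,
)
credentials = response['Credentials']

# Bind the temporary credentials once in a Session; every client/resource
# created from it inherits them, so the secret key and session token are not
# repeated per call (and are never printed). They stop working at
# credentials['Expiration'] (one hour unless DurationSeconds was passed to
# assume_role), after which assume_role must be repeated with a fresh code.
session = boto3.Session(
    aws_access_key_id=credentials['AccessKeyId'],
    aws_secret_access_key=credentials['SecretAccessKey'],
    aws_session_token=credentials['SessionToken'],
    region_name=region,
)
ec2_resource = session.resource('ec2')
ec2_client = session.client('ec2')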
现在就可以通过 ec2_resource 和 ec2_client 对象访问 EC2 资源了。
...谢谢