AWS :: S3 :: Errors :: InvalidAccessKeyId安全令牌服务凭证不起作用

时间:2018-08-14 19:17:19

标签: ruby-on-rails ruby amazon-web-services amazon-s3

我正在使用安全令牌服务生成凭据access_key_idsecret_access_key来将其传递给客户端。我能够成功生成凭据。但是,当我使用动态生成的凭据时,出现此错误

AWS::S3::Errors::InvalidAccessKeyId The AWS Access Key Id you provided does not exist in our records

以下是我用于通过安全令牌服务生成凭据的步骤

创建角色
我已使用以下策略在AWS上创建了一个角色(以列出和上传AWS S3存储桶中的文件)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<bucket_name>"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::<bucket_name>/*"
        }
    ]
}

编辑信任关系 我已经编辑了信任关系以将角色分配给IAM用户

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<account_id>:user/<user_name>"
      },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}

我如何生成凭据

sts = Aws::STS::Client.new
session = sts.assume_role(role_arn: 'arn:aws:iam::<account_id>:role/<role_name>', role_session_name: 'test_session')
@aws_access_key_id = session.credentials.access_key_id
@aws_secret_access_key = session.credentials.secret_access_key
@aws_security_token = session.credentials.session_token
@expires_at = session.credentials.expiration

我能够生成凭据,但是凭据无效。

谢谢

0 个答案:

没有答案