我正在使用安全令牌服务生成凭据access_key_id
和secret_access_key
来将其传递给客户端。我能够成功生成凭据。但是,当我使用动态生成的凭据时,出现此错误
AWS::S3::Errors::InvalidAccessKeyId The AWS Access Key Id you provided does not exist in our records
以下是我用于通过安全令牌服务生成凭据的步骤
创建角色
我已使用以下策略在AWS上创建了一个角色(以列出和上传AWS S3存储桶中的文件)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<bucket_name>"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::<bucket_name>/*"
}
]
}
编辑信任关系
我已经编辑了信任关系以将角色分配给IAM
用户
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<account_id>:user/<user_name>"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}
我如何生成凭据
sts = Aws::STS::Client.new
session = sts.assume_role(role_arn: 'arn:aws:iam::<account_id>:role/<role_name>', role_session_name: 'test_session')
@aws_access_key_id = session.credentials.access_key_id
@aws_secret_access_key = session.credentials.secret_access_key
@aws_security_token = session.credentials.session_token
@expires_at = session.credentials.expiration
我能够生成凭据,但是凭据无效。
谢谢