CredentialsError:dynamoDB中的配置中缺少凭据

时间:2019-03-07 05:08:36

标签: node.js amazon-web-services amazon-dynamodb amazon-iam

我创建了一个可代入(assume)的角色,该角色可以访问另一个帐户中的 DynamoDB,并且我正在使用 AWS STS 获取代入该角色后的凭据。

// Question snippet: assume a cross-account role via STS, then read one item
// from a DynamoDB table in the other account using the returned credentials.
// STS client pinned to us-east-1 and the global STS endpoint.
var sts = new AWS.STS({apiVersion: '2011-06-15', region:'us-east-1', endpoint: 'https://sts.amazonaws.com'});


console.log("Before calling the assume role");
// Request a 3600-second session for the crossAccount role.
sts.assumeRole({
    DurationSeconds: 3600,
    RoleArn: 'arn:aws:iam::123456789012:role/crossAccount',
    RoleSessionName: 'awssdk'
}, function(err, data) {
    if (err) {
        // an error occurred
        console.log('Cannot assume role');
        console.log(err, err.stack);
    } else {
        // successful response
        console.log('Role assumed');

        // Query function
        // NOTE(review): `data` is the whole assumeRole response. The temporary keys
        // sit under data.Credentials as AccessKeyId / SecretAccessKey / SessionToken,
        // so the client finds no accessKeyId / secretAccessKey on the object it is
        // given. That is consistent with the reported "Missing credentials in config".
        var dynamodb = new AWS.DynamoDB({apiVersion: '2012-08-10', credentials: data, region: 'eu-west-1'});
        // NOTE(review): this serializes the client object. With credentials attached,
        // the output may contain key material and end up in the function's logs;
        // prefer logging only the region or table name. Confirm what is emitted.
        console.log("dynamo db   " + JSON.stringify(dynamodb));



        // Key lookup: string attribute "Tid" equal to "123" in table "MYTable".
        var params = {
            Key: {
            "Tid": {
            S: "123"
        },
        },
            TableName: "MYTable"
        };

        // The inner callback's err/data shadow the assumeRole callback's parameters.
        dynamodb.getItem(params, function(err, data) {
            if (err) { console.log(err, err.stack); console.log("failed"); }// an error occurred
            else  {   console.log(data);  console.log("success"); }         // successful response
        });
        // The snippet as posted stops here; the closing of the else branch and of
        // the assumeRole callback is not shown.

以下是确切的错误:

{ CredentialsError: Missing credentials in config at credError (/var/task/node_modules/aws-sdk/lib/config.js:317:40) at getStaticCredentials (/var/task/node_modules/aws-sdk/lib/config.js:338:15) at Config.getCredentials

谢谢

2 个答案:

答案 0 :(得分:2)

根据该错误,我认为您缺少客户端配置。请尝试以下代码:

python

    # STS client built from the default credential provider chain
    # (this is an STS client, not an IAM client).
    sts_default_provider_chain = boto3.client('sts')

    # Show which identity the default chain resolves to before assuming the role.
    default_identity = sts_default_provider_chain.get_caller_identity()
    print('Default Provider Identity: : ' + default_identity['Arn'])

    # Role in the other account, and the session name recorded for this session.
    role_to_assume_arn = 'arn:aws:iam::123456789012:role/roleName'
    role_session_name = 'test_session'

    response = sts_default_provider_chain.assume_role(
        RoleArn=role_to_assume_arn, RoleSessionName=role_session_name
    )

    # The temporary keys live under the 'Credentials' key of the response.
    creds = response['Credentials']

    # Hand the temporary keys to this one client only; nothing is set globally.
    # Avoid printing or logging `creds` itself: it holds the secret key and token.
    assumed_role_keys = {
        'aws_access_key_id': creds['AccessKeyId'],
        'aws_secret_access_key': creds['SecretAccessKey'],
        'aws_session_token': creds['SessionToken'],
    }
    sts_assumed_role = boto3.client('sts', **assumed_role_keys)

    # Confirm the new client now acts as the assumed role (only the ARN is printed).
    assumed_identity = sts_assumed_role.get_caller_identity()
    print('AssumedRole Identity: ' + assumed_identity['Arn'])

Node.js

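    /**
     * Assume the cross-account role through STS and return its temporary
     * credentials in the key casing the AWS SDK for JavaScript expects
     * (accessKeyId / secretAccessKey / sessionToken).
     *
     * The original built this object but never returned it, so callers received
     * `undefined` and had nothing to pass as a client's `credentials` option.
     *
     * The returned object holds secret material: pass it to the one client that
     * needs it and do not log or serialize it. The session is requested for
     * 3600 seconds, so callers should call this again rather than cache the
     * result indefinitely.
     *
     * @returns {Promise<{accessKeyId: string, secretAccessKey: string, sessionToken: string}>}
     * @throws Rejects with the STS error if the role cannot be assumed.
     */
    const getSTS = async () => {
      const sts = new AWS.STS({ region: process.env.REGION });
      const params = {
        RoleArn: 'arn:aws:iam::1234567890:role/someRole',
        RoleSessionName: 'CrossAccountCredentials',
        // Sent with the request; if the role's trust policy has an
        // sts:ExternalId condition, this value has to match it.
        ExternalId: '1234567-1234-1234-1234-123456789012',
        DurationSeconds: 3600,
      };

      const assumeRoleStep1 = await sts.assumeRole(params).promise();
      console.log('Changed Credentials');

      // STS returns PascalCase field names; SDK client config uses camelCase.
      const { AccessKeyId, SecretAccessKey, SessionToken } = assumeRoleStep1.Credentials;
      const accessparams = {
        accessKeyId: AccessKeyId,
        secretAccessKey: SecretAccessKey,
        sessionToken: SessionToken,
      };

      // Fix: return the credentials instead of discarding them.
      return accessparams;
    };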

答案 1 :(得分:0)

使用 AWS.Credentials 有助于解决 getStaticCredentials 处的报错。另外,只要您对这些资源拥有权限,现在也可以使用该凭据访问其他资源。这样还可以让凭据只用于需要从其他 AWS 帐户访问的那些资源,而无需全局设置凭据。

// Answer snippet: assume the cross-account role, wrap the returned keys in an
// AWS.Credentials object, and give that object to a single DynamoDB client.
// STS client pinned to us-east-1 and the global STS endpoint.
var sts = new AWS.STS({apiVersion: '2011-06-15', region:'us-east-1', endpoint: 'https://sts.amazonaws.com'});


console.log("Before calling the assume role");
// Request a 3600-second session for the crossAccount role.
sts.assumeRole({
    DurationSeconds: 3600,
    RoleArn: 'arn:aws:iam::123456789012:role/crossAccount',
    RoleSessionName: 'awssdk'
}, function(err, data) {
    if (err) {
        // an error occurred
        console.log('Cannot assume role');
        console.log(err, err.stack);
    } else {
        // successful response
        console.log('Role assumed');

        // resolving static credential
        // Copies the three fields from data.Credentials into the camelCase names
        // that AWS.Credentials takes.
        // NOTE(review): this is a fixed snapshot of the 3600-second session
        // requested above. A client kept alive longer than that would presumably
        // start failing once the session expires. Confirm, or use a refreshing
        // provider such as AWS.ChainableTemporaryCredentials.
        var creds = new AWS.Credentials({
          accessKeyId: data.Credentials.AccessKeyId,
          secretAccessKey: data.Credentials.SecretAccessKey,
          sessionToken: data.Credentials.SessionToken
        });

        // Query function
        // The credentials are attached to this client only; nothing global is set here.
        // `configuration` is not defined in this snippet; presumably an
        // application config object supplying the API version and region.
        var dynamodb = new AWS.DynamoDB({apiVersion: configuration.API_VERSION, credentials:  creds, region: configuration.REGION});
        // NOTE(review): this serializes the client object, which now carries the
        // assumed-role credentials. The output may include the access key id and
        // session token, so prefer logging only the region or table name.
        console.log("dynamo db   " + JSON.stringify(dynamodb));
        // Key lookup: string attribute "Tid" equal to "123" in table "MYTable".
        var params = {
            Key: {
              "Tid": {
                S: "123"
              },
            },
            TableName: "MYTable"
        };

        // The inner callback's err/data shadow the assumeRole callback's parameters.
        dynamodb.getItem(params, function(err, data) {
            if (err) { console.log(err, err.stack); console.log("failed"); }// an error occurred
            else  {   console.log(data);  console.log("success"); }         // successful response
        });
    }