我在使用AWS PHP SDK时遇到问题 从apache服务器(PHP SDK)调用AssumeRole时,出现以下错误
Error executing "AssumeRole" on "https://sts.amazonaws.com";
AWS HTTP error: Client error: `POST https://sts.amazonaws.com` resulted in a `403 Forbidden`
response: Sender AccessDeni (truncated...) AccessDenied (client): Access denied - Sender AccessDenied Access denied
我测试了该命令以使用AWS CLI在同一台ec2计算机中扮演角色,并且运行良好。
这是我使用的代码。
const AccessKey = "<AccessKey>";
const SecretAccessKey = "<SecretAccessKey>";
const AccountID = "<AccountID>";
const Name_space = "default"; // leave this as default
use Aws\Sts\StsClient;
use Aws\Sts\StsException;
try {
$sts = new Aws\Sts\StsClient([
'region' => 'us-east-1',
'version' => 'latest',
'credentials ' => array('key' => AccessKey,
'secret' => SecretAccessKey)
]);
$session = $sts->assumeRole([
'DurationSeconds' => 900,
'RoleArn' => '<arn>', // REQUIRED
'RoleSessionName' => testSession, // REQUIRED
]);
} catch (Exception $e) {
exit($e->getMessage());
}
-已编辑以添加以下内容-
用户有承担角色的政策
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "<role arn>"
}
}
这是角色的信任关系
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com",
"AWS": "<user arn>"
},
"Action": "sts:AssumeRole"
}
]
}