Trying to create an IAM role in AWS and getting an error on the AssumeRolePolicyDocument

I am trying to create an IAM role in AWS for federated access and keep running into the same issue, in Python using boto or in PowerShell using the CLI.

Here is what I am trying to do with Python.

import boto3

# Path to the trust policy file (raw string so the Windows backslashes survive)
tpdoc = r'c:\folders\trustPolicy.json'

# Read the policy document as text, using the platform's default encoding
with open(tpdoc, 'r') as tpfile:
    data = tpfile.read()

client = boto3.client('iam')

# Create the role with the file contents as its trust (assume-role) policy
response = client.create_role(
    RoleName="testrole",
    AssumeRolePolicyDocument=data
)

The referenced trustPolicy.json is constructed like this:

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Action": "sts:AssumeRoleWithSAML",
         "Effect": "Allow",
         "Condition": {
            "StringEquals": {
               "SAML:aud": "https://signin.aws.amazon.com/saml"
            }
         },
         "Principal": {
            "Federated": "arn:aws:iam::1234567890:saml-provider/myidp"
         }
      }
   ]
}

When I run this code with that file I get the following error:

ClientError: An error occurred (ValidationError) when calling the CreateRole operation: The specified value for assumeRolePolicyDocument is invalid. It must contain only printable ASCII characters.

I have run the JSON through the AWS JSON validator and it validates, and I have also run the regex for allowable characters and it passes that as well. I have also tried copying an existing trust policy from a manually created role and using that content for my JSON file, but that generates the same error as well.

AssumeRolePolicyDocument requires the URL-encoded contents of the file. We can use urllib.quote() for this:

import boto3
from urllib.parse import quote  # Python 2: import urllib; urllib.quote

tpdoc = r'c:\folders\trustPolicy.json'

with open(tpdoc, 'r') as tpfile:
    data = tpfile.read()

# Percent-encode the policy text before passing it to CreateRole
encodedPolicy = quote(data)

client = boto3.client('iam')

response = client.create_role(
    RoleName="testrole",
    AssumeRolePolicyDocument=encodedPolicy
)
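As an added example that is not part of the question or the answer above: the error message names the actual condition, so the useful check is on the characters in the string being sent, not on the JSON's syntax (a JSON validator says nothing about a byte order mark or stray Unicode that the file on disk carries). The code below builds the same SAML trust policy from a dict with json.dumps, whose default ensure_ascii=True guarantees a pure-ASCII document, and adds a pre-flight check that reports the offset of every character outside printable ASCII and copes with the two file encodings that produce exactly this error on Windows: a UTF-8 byte order mark, and UTF-16 (the default output encoding of Out-File in Windows PowerShell 5.1). It assumes a placeholder 12-digit account ID, 123456789012 (IAM ARNs require 12 digits; the question's 1234567890 is presumably a redaction), keeps the question's provider name myidp, and does not call boto3, so it runs offline.

```python
import json
import re

# Constructed inputs for this example. The account ID is a 12-digit
# placeholder (AWS account IDs are 12 digits); the provider name follows
# the question's trust policy.
SAML_PROVIDER_ARN = "arn:aws:iam::123456789012:saml-provider/myidp"
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Characters IAM accepts in a policy document: printable ASCII (0x20-0x7E)
# plus tab, line feed and carriage return. Anything else is what the
# "must contain only printable ASCII characters" error is complaining about.
_ALLOWED = re.compile(r"[\x09\x0A\x0D\x20-\x7E]")


def build_saml_trust_policy(provider_arn: str) -> str:
    """Serialize the SAML trust policy straight from a dict.

    json.dumps escapes any non-ASCII character by default (ensure_ascii=True),
    so a document produced this way cannot trip the printable-ASCII check.
    """
    policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Federated": provider_arn},
                "Action": "sts:AssumeRoleWithSAML",
                # Keep the audience condition: it binds the role to the AWS
                # sign-in endpoint rather than to any assertion the IdP issues.
                "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
            }
        ],
    }
    return json.dumps(policy, indent=3)


def find_bad_characters(text: str) -> list:
    """Return (offset, repr(char)) for every character IAM would reject."""
    return [(i, repr(ch)) for i, ch in enumerate(text) if not _ALLOWED.match(ch)]


def sanitize_trust_policy(raw: bytes) -> str:
    """Decode a policy file defensively and validate it before CreateRole.

    Handles a UTF-8 byte order mark and UTF-16 input (the default encoding
    of Out-File in Windows PowerShell 5.1). Raises ValueError with the
    offending offsets instead of letting the API reject the whole document.
    """
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16")      # consumes the UTF-16 BOM
    else:
        text = raw.decode("utf-8-sig")   # strips a UTF-8 BOM if present
    bad = find_bad_characters(text)
    if bad:
        raise ValueError(f"policy has non-printable-ASCII characters at {bad[:5]}")
    # Round-trip through json so syntax errors surface locally and the
    # output is compact, canonical ASCII JSON.
    return json.dumps(json.loads(text), separators=(",", ":"))


if __name__ == "__main__":
    clean = build_saml_trust_policy(SAML_PROVIDER_ARN)
    print("clean document, bad characters:", find_bad_characters(clean))

    # What the question's open(tpdoc, 'r').read() sees on Windows when the
    # file carries a UTF-8 BOM: the three BOM bytes decode under cp1252 as
    # three Latin-1 characters, none of them printable ASCII.
    bom_as_read = (b"\xef\xbb\xbf" + clean.encode("utf-8")).decode("cp1252")
    print("BOM file, bad characters:", find_bad_characters(bom_as_read))

    # The sanitized document is identical whether the file was UTF-8 with a
    # BOM or UTF-16, and is ready for
    # client.create_role(RoleName="testrole", AssumeRolePolicyDocument=doc)
    doc = sanitize_trust_policy(clean.encode("utf-16"))
    assert doc == sanitize_trust_policy(b"\xef\xbb\xbf" + clean.encode("utf-8"))
    print(doc)
```

Replace the placeholder ARN with your own, then pass the returned string to client.create_role exactly as in the question's code. The boto3 IAM documentation itself passes json.dumps(policy) directly as AssumeRolePolicyDocument, so once the string is clean ASCII no further encoding step is involved.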

Licensed under CC BY-SA 4.0. © 2020-2024 STACKOOM.COM