堆栈内存溢出
  简体   繁体   English

在本地获取AWS Cross Account IAM角色

[英]Acquiring aws cross account iam role locally

 原文  2018-06-13 10:10:51       amazon-web-services/ aws-sdk/ amazon-iam/ amazon-kinesis

问题描述

I'm new to aws and facing problem for iam role.I'm doing cross account role. 我是AWS新手,并且面临IAM角色的问题。我正在做跨帐户角色。 Say in Account x ,created role for Account Y togive permission to read from kinesis Streams. 在帐户x中说,为帐户Y创建了授予从kinesis Streams读取的权限的角色。

I want to connect to Account Y to fetch streams from Account X locally using java SDK(i'm not launching EC2 instance on Account Y). 我想连接到帐户Y,以使用Java SDK从帐户X本地获取流(我没有在帐户Y上启动EC2实例)。 So is their any way to do that? 那么他们有什么办法吗?

I understand that if i run the application on EC2 instance on Account Y, I will be able to fectch it, but i don't want to fetch it by using EC2. 我了解,如果我在帐户Y的EC2实例上运行该应用程序,则可以完成该应用程序,但我不想使用EC2来获取它。 

    AWS doc mentions in 
    https://docs.aws.amazon.com/cli/latest/topic/config-vars.html

    # In ~/.aws/credentials:
    [development]
    aws_access_key_id=foo
    aws_secret_access_key=bar 

    # In ~/.aws/config
    [profile crossaccount]
    role_arn=arn:aws:iam:...
    source_profile=development

Is it related to that? 与此有关吗? Here i think crossaccount is the role created in account x to give access to account y. 在这里,我认为交叉帐户是在帐户x中创建的角色,用于访问帐户y。 

Which aws api should I call to fetch the streams?

Thanks in advance. 提前致谢。

1 个解决方案

解决方案1
 0  2018-06-14 13:04:58

Cross-Account access in AWS has a specific protocol you'll need to follow. AWS中的跨账户访问具有您需要遵循的特定协议。 As you created an IAM Role in account X which has been given access to resources in account Y, account Y will also need to grant that role permission to perform STS:AssumeRole . 当您在帐户X中创建了一个IAM角色(该帐户已获得对帐户Y中资源的访问权限)时,帐户Y还需要授予该角色权限以执行STS:AssumeRole

Once this part of setup is complete you should be good to go. 一旦这部分设置完成,您就应该做好了。 Read more about it here 在这里了解更多

To use the AWS SDK for Java, create a service object for the STS service and perform an AssumeRole invocation. 要使用适用于Java的AWS开发工具包,请为STS服务创建服务对象,然后执行AssumeRole调用。 If you supply this with the right credentials, the result of that will be a valid pair of credentials that have access to account Y's resources. 如果为您提供正确的凭据,则结果将是一对有效的凭据,可以访问帐户Y的资源。

Read more about using Assume Role in Java here . 此处阅读有关在Java中使用角色角色的更多信息。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 跨账户访问特定 AWS 账户中的 S3 存储桶的 IAM 角色策略 - IAM Role policy for cross account access to S3 bucket in a specific AWS account 具有跨账户 IAM 角色的 EC2 实例 - EC2 instance with a cross account IAM role Kubernetes 服务账户和 AWS IAM 角色的秘密 - Kubernetes Service Account and AWS IAM Role for Secrets IAM 角色访问另一个 AWS 账户的服务 - IAM role to access services of another AWS account AWS Code Commit跨账户IAM角色 - AWS Code Commit Cross Account IAM Roles AWS 跨账户 Postgres RDS IAM 身份验证 - AWS cross account Postgres RDS IAM authentication 具有 IAM 凭证的跨账户 AWS Lambda - Cross Account AWS Lambda with IAM credentials 您如何正确设置 Terraform 以使用跨账户 IAM 承担角色身份验证来管理 AWS EKS 集群? - How do you properly setup Terraform to manage an AWS EKS cluster using cross-account IAM assume role authentication? 设置IAM用户/角色的跨帐户访问 - Setting up cross account access of IAM user/role 将跨账户角色的 IAM 用户限制为单个存储桶 - Restrict IAM user for a cross account role to a single bucket
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM