从实例配置文件中检索IAM角色以与v4签名者一起使用
[英]Retrieve IAM Role from Instance Profile for Use With v4 Signer
问题描述
I'm trying to achieve the same result as the Ruby example code I have using the AWS .NET SDK and am running into trouble querying the instance profile credentials. 
我试图获得与使用AWS .NET SDK的Ruby示例代码相同的结果,并且在查询实例配置文件凭证时遇到麻烦。 It seems the .NET SDK hides the credential provider when querying the instance profile. 在查询实例配置文件时,.NET SDK似乎隐藏了凭据提供程序。 However, I need to get to that so I can use it to sign an STS request and pass that to an API that uses that information for authentication purposes. 但是,我需要这样做,以便可以使用它来签名STS请求并将其传递给使用该信息进行身份验证的API。 So far I haven't found a way to query the instance profile and assume the IAM EC2 Role. 到目前为止,我还没有找到查询实例配置文件并承担IAM EC2角色的方法。
Does anyone have a good idea of how this would be done? 有谁知道如何做到这一点?
Ruby: 红宝石:
request = Aws::Sigv4::Signer.new(
service: 'sts',
region: 'us-east-1',
credentials_provider: Aws::InstanceProfileCredentials.new
).sign_request(
http_method: 'GET',
url: 'https://sts.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15'
).headers
What I am trying to avoid is storing any credentials on the instance. 我试图避免的是在实例上存储任何凭据。 However, the signature for the v4 signer method is: 但是,v4签名者方法的签名为:
var signer = new Amazon.Runtime.Internal.Auth.AWS4Signer();
signer.SignRequest(IRequest request, IClientConfig clientConfig, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey);
This code will be running on EC2 instances. 该代码将在EC2实例上运行。
Any help would be appreciated! 任何帮助,将不胜感激!
1 个解决方案
解决方案1
0 已采纳 2019-02-17 07:49:15
我能够使用Amazon.Runtime.InstanceProfileAWSCredentials.GetCredentials()调用来获取临时凭证,我可以使用这些凭证来查询IAM角色等其他内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.