
How to get temporary IAM programmatic access using IAM role without setting up aws configure?

An answer in Python will be helpful.

Please paste the full code if you have it.

(base) [root@ip-172-31-39-101 ec2-user]# cat role.py 

import boto3

account_no = 7439222006066  # another account number (AWS account IDs are 12 digits)
role_name = 'iamest'        # role in that other account

# STS is called with this server's own credentials (the ones set up with 'aws configure').
sts_client = boto3.client('sts')
assume_role_response = sts_client.assume_role(
    RoleArn='arn:aws:iam::{0}:role/{1}'.format(account_no, role_name),
    RoleSessionName='CloudWatchMetricRoleSession',
    DurationSeconds=900,
    # ExternalId='9949183895'
)

# The session below is required to make requests using the temporary credentials generated.
credentials = assume_role_response['Credentials']
session = boto3.Session(
    aws_access_key_id=credentials['AccessKeyId'],
    aws_secret_access_key=credentials['SecretAccessKey'],
    aws_session_token=credentials['SessionToken']
)
# print('your keys are here:', session)

# Below we specify the region for the temporary credentials stored in 'session',
# the same way we configure a region in 'aws configure'.
cloudwatch_client = session.client('cloudwatch', region_name='us-east-1')

# Using the temporary credentials for a request.
# For a single EC2 instance the dimension name is 'InstanceId' and the value is the instance ID.
cpu_util_metrics_response = cloudwatch_client.list_metrics(
    Namespace='AWS/EC2',
    MetricName='CPUUtilization',
    Dimensions=[
        {
            'Name': 'InstanceId',
            'Value': 'i-00a2e99dc0855d2b7'
        }
    ]
)
print(cpu_util_metrics_response)

Note: 1) In the other account a role must be created for cross-account access, and in its trust-relationship policy add the account ID of the AWS account from which you are sending the request. 2) The server from which you are running AWS requests should have "aws configure" defined in order to request temporary access keys for the other AWS account. 3) The same account cannot generate temporary access keys for requesting its resources.
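As an added example (not the answer's code, nor anything from boto3 or AWS), the helpers below separate the parts of this flow that can be checked offline from the single STS call: building the trust policy the target account must attach to the role (note 1 above, with the optional sts:ExternalId condition that the commented-out ExternalId parameter refers to), validating the role ARN, turning the AssumeRole response into boto3.Session() arguments, and checking how long the temporary credentials remain valid. The function names, the 12-digit account IDs and the external ID string are constructed for illustration; assume_role() is the only function that talks to AWS and needs boto3 plus caller credentials.

```python
"""Added example: cross-account AssumeRole helpers (not the answer's own code)."""
import json
import re
from datetime import datetime, timezone

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")  # AWS account IDs are exactly 12 digits


def role_arn(account_id, role_name):
    """Build the ARN of the role in the target account, validating the account ID first."""
    account_id = str(account_id)
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError("AWS account IDs are 12 digits, got %r" % account_id)
    return "arn:aws:iam::%s:role/%s" % (account_id, role_name)


def trust_policy(trusted_account_id, external_id=None):
    """Trust policy the *target* account attaches to the role.

    The Principal is the account that calls AssumeRole. When external_id is
    given, the role can only be assumed by callers that pass the same
    ExternalId, the standard mitigation for the confused-deputy problem.
    """
    trusted_account_id = str(trusted_account_id)
    if not ACCOUNT_ID_RE.match(trusted_account_id):
        raise ValueError("AWS account IDs are 12 digits, got %r" % trusted_account_id)
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::%s:root" % trusted_account_id},
        "Action": "sts:AssumeRole",
    }
    if external_id is not None:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def session_kwargs(assume_role_response):
    """Map an AssumeRole response to the keyword arguments boto3.Session() expects."""
    creds = assume_role_response["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }


def seconds_remaining(assume_role_response, now=None):
    """Seconds until the temporary credentials expire (<= 0 means already expired)."""
    expiration = assume_role_response["Credentials"]["Expiration"]
    now = now or datetime.now(timezone.utc)
    return (expiration - now).total_seconds()


def instance_cpu_dimensions(instance_id):
    """Dimensions for the CPUUtilization metric of one EC2 instance (AWS/EC2 namespace)."""
    return [{"Name": "InstanceId", "Value": instance_id}]


def assume_role(account_id, role_name, session_name, duration=900, external_id=None):
    """Call STS with the caller's default credentials and return the raw response.

    Needs boto3 and caller credentials from boto3's default chain (environment
    variables, an instance profile, or the profile written by 'aws configure').
    Not exercised offline.
    """
    import boto3  # imported lazily so the pure helpers above stay dependency-free
    kwargs = {
        "RoleArn": role_arn(account_id, role_name),
        "RoleSessionName": session_name,
        "DurationSeconds": duration,
    }
    if external_id is not None:
        kwargs["ExternalId"] = external_id
    return boto3.client("sts").assume_role(**kwargs)


if __name__ == "__main__":
    # Constructed sample values: the calling account, the target account and an external ID.
    print(json.dumps(trust_policy("111111111111", external_id="example-external-id"), indent=2))
    print(role_arn("222222222222", "iamest"))
```

Running the module prints the trust policy the target account would attach to the role and the ARN the caller passes to AssumeRole; the 13-digit account number in the answer above would be rejected by role_arn() before any network call is made.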
