
How to update aws keys in ~/.aws/credentials file for a profile using cli?

So I am under a security protocol which goes like this:

  1. The local machine is given a user-group to log in to aws with basic read-only permissions
  2. The local machine then creates a local ~/.aws/credentials file with multiple profiles in it
  3. Now for different projects, these local aws profiles are allowed to assume the project IAM role with the command aws sts assume-role --role-arn $PROJECT_IAM_ROLE_ARN --role-session-name $DUMMY_SESSION_NAME --profile $DESIRED_AWS_PROFILE > temp_credentials_file.json
  4. Step 3 creates temporary credentials valid for one hour and writes them to the file in a format like:
{
    "AssumedRoleUser": {
        "AssumedRoleId": "dummy_aasume_role_id:DUMMY_SESSION_NAME_VALUE", 
        "Arn": "PROJECT_IAM_ROLE_ARN/DUMMY_SESSION_NAME_VALUE"
    }, 
    "Credentials": {
        "SecretAccessKey": "dummy_SecretAccessKey", 
        "SessionToken": "dummy_SessionToken", 
        "Expiration": "_some_time_stamp", 
        "AccessKeyId": "dummy_AccessKeyId"
    }
}
  5. And my credentials file is like:
[profile_1]
aws_access_key_id = dummy_access_key_id_profile_1
aws_secret_access_key = dummy_aws_secret_access_key_profile_1
region = dummy_region_profile_1
aws_session_token = dummy_aws_session_token_profile_1

[profile_2]
aws_access_key_id = dummy_access_key_id_profile_2
aws_secret_access_key = dummy_aws_secret_access_key_profile_2
region = dummy_region_profile_2
aws_session_token = dummy_aws_session_token_profile_2

[profile_3]
aws_access_key_id = dummy_access_key_id_profile_3
aws_secret_access_key = dummy_aws_secret_access_key_profile_3
region = dummy_region_profile_3
aws_session_token = dummy_aws_session_token_profile_3

Now how do I read the temp_credentials.json file and set all 3 aws keys for any given profile in the ~/.aws/credentials file via cli without affecting the other files?

I have also tried:

sudo aws configure set AccessKeyId dummy_value --profile profile_2

but it didn't work.

The command runs successfully but the content in the ~/.aws/credentials file doesn't change.

It should be something like:

aws configure set aws_access_key_id dummy_access_key_id_profile_1 --profile profile_1
aws configure set aws_secret_access_key dummy_aws_secret_access_key_profile_1  --profile profile_1

Names of the variables need to match these, supported by the configuration. In your example, set AccessKeyId attempts to set an invalid variable. It needs to be changed to set aws_access_key_id.

https://docs.aws.amazon.com/cli/latest/reference/configure/set.html
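
One way to do what the question asks without putting the secrets on a command line, as an added example that is not part of the original question or answer: a Python script that copies the three keys from the assume-role JSON into one profile of the credentials file and leaves every other profile and setting untouched. The function name `update_profile` and the script's argument order are assumptions made for this example.

```python
import configparser
import json
import os
import sys
import tempfile

# Maps keys of the "Credentials" object in the assume-role output to the
# variable names the AWS CLI expects in ~/.aws/credentials.
KEY_MAP = {
    "AccessKeyId": "aws_access_key_id",
    "SecretAccessKey": "aws_secret_access_key",
    "SessionToken": "aws_session_token",
}


def update_profile(sts_json_path, profile, credentials_path):
    """Copy the temporary keys from the assume-role JSON into one profile."""
    with open(sts_json_path) as fh:
        creds = json.load(fh)["Credentials"]
    missing = [k for k in KEY_MAP if not creds.get(k)]
    if missing:
        raise ValueError(f"assume-role output lacks: {', '.join(missing)}")
    # interpolation=None: secrets and tokens may contain '%', which
    # configparser would otherwise try to expand.
    config = configparser.ConfigParser(interpolation=None)
    config.read(credentials_path)
    if not config.has_section(profile):
        config.add_section(profile)
    for json_key, ini_key in KEY_MAP.items():
        config.set(profile, ini_key, creds[json_key])
    # Write to a temp file in the same directory (mkstemp creates it with
    # mode 0600), then rename it over the original so the file is never
    # left half-written. configparser does not preserve comments.
    directory = os.path.dirname(os.path.abspath(credentials_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w") as fh:
            config.write(fh)
        os.replace(tmp_path, credentials_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return dict(config[profile])


if __name__ == "__main__":
    # Usage (assumed): python update_profile.py temp_credentials.json profile_2
    update_profile(sys.argv[1], sys.argv[2],
                   os.path.expanduser("~/.aws/credentials"))
```

Writing the file directly keeps the secret key and session token out of shell history and process listings, where arguments to `aws configure set` would otherwise appear.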
