堆栈内存溢出
  简体   繁体   English

AWS STS 承担角色 - InvalidClientTokenId:请求中包含的安全令牌无效

[英]AWS STS Assume Role - InvalidClientTokenId: The security token included in the request is invalid

 原文  2020-09-04 18:23:33       node.js/ amazon-web-services/ aws-sdk/ amazon-iam/ aws-config

问题描述

I am trying to assume an IAM role using aws-sdk as so...我正在尝试使用aws-sdk担任IAM角色,因此...

var sts = new AWS.STS();
sts.assumeRole({
  RoleArn: 'arn:aws:iam::xxxxxx:root',
  RoleSessionName: 'awssdk'
}, function(err, data) {
  if (err) { // an error occurred
    console.log('Cannot assume role');
    console.log(err, err.stack);
  } 
  else { // successful response
    AWS.config.update({
      accessKeyId: data.Credentials.AccessKeyId,
      secretAccessKey: data.Credentials.SecretAccessKey,
      sessionToken: data.Credentials.SessionToken
    });
  }
});

But I keep getting...但我一直在...

InvalidClientTokenId: The security token included in the request is invalid InvalidClientTokenId:请求中包含的安全令牌无效

However, I can connect if I just use the following...但是,如果我只使用以下内容,我可以连接...

AWS.config.update({ accessKeyId: process.env.ID, secretAccessKey: process.env.SECRET });

Any reason why I cannot assume a role?我不能担任角色的任何原因?

1 个解决方案

解决方案1
 1 已采纳  2020-09-05 00:07:52

The following下列

RoleArn: 'arn:aws:iam::xxxxxx:root',

is not the IAM role.不是 IAM 角色。 It seems you are trying to assume the IAM root user.您似乎正在尝试假设 IAM 根用户。 The correct ARN of a role has form of角色的正确 ARN 具有以下形式

arn:aws:iam::account-id:role/role-name-with-path

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS DynamoDB 错误:“请求中包含的安全令牌无效。” 尽管凭据在共享安全文件中 - AWS DynamoDB error: “The security token included in the request is invalid.” although credentials are in shared security file UnrecognizedClientException:调用 AWS.SecretsManager 时请求中包含的安全令牌无效 - UnrecognizedClientException: The security token included in the request is invalid when calling AWS.SecretsManager AWS Kinesis放置记录引发无效安全令牌 - AWS kinesis put record throwing invalid security token 使用在 aws-sdk (AWS JavaScript SDK) 中担任角色的配置文件 - using profile that assume role in aws-sdk (AWS JavaScript SDK) 无权承担提供的角色 - Not authorized to assume the provided role 无效的oauth2令牌请求 - invalid oauth2 token request AWS sam SES sendEmail 导致 InvalidClientTokenId (nodejs/lambda) - AWS sam SES sendEmail results in InvalidClientTokenId (nodejs/lambda) AWS Alexa 技能中的访问令牌无效 - Invalid Access Token in AWS Alexa Skill 尝试使用 AWS.STS.getSessionToken 与 node.js 无法检索令牌 - trying to use AWS.STS.getSessionToken with node.js not able to retrieve token Nodejs 请求:HPE_INVALID_HEADER_TOKEN - Nodejs request: HPE_INVALID_HEADER_TOKEN
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM