[英]I need to use aws_session_token with puppetlabs-aws
At my work, when using aws cli we use aws_session_token.在我的工作中,当使用 aws cli 时,我们使用 aws_session_token。 I don't see anything in puppetlabs-aws support for aws_session_token.我在 puppetlabs-aws 中没有看到任何对 aws_session_token 的支持。 Any ideas?有任何想法吗?
AWS_SESSION_TOKEN is usually used when you're obtaining temporary credentials from AWS security token service (STS).当您从 AWS 安全令牌服务 (STS) 获取临时凭证时,通常会使用 AWS_SESSION_TOKEN。 This is usually when you make the call to Assume a role.这通常发生在您调用 Assume 角色时。 So a lot of this depends on how you've got your command line set up:所以这在很大程度上取决于您如何设置命令行:
If you are explcitly calling assume role like this:如果您明确地调用 assume role 是这样的:
aws sts assume-role --role-arn "arn:aws:iam::123456789012:role/RoleToAssume" --role-session-name AWSCLI-Session
You should get back a response with three variables:您应该返回包含三个变量的响应:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
You should just be able to export each of these as environment variables and then run puppet apply
.您应该能够将其中的每一个导出为环境变量,然后运行puppet apply
。
If you are not explicitly calling assume role and are using instance profiles, puppet should automatically find these 3 variables.如果您没有明确调用 assume role 并且正在使用实例配置文件,puppet 应该会自动找到这 3 个变量。
If you are calling assume role via AWS_PROFILES in your ~/.aws/config
then it should just be sufficient to run puppet apply
after setting the AWS_PROFILE
environment variable.如果您在~/.aws/config
中通过 AWS_PROFILES 调用承担角色,那么在设置AWS_PROFILE
环境变量后运行puppet apply
就足够了。
You may also want to consider using the newer puppetlabs amazon_aws module which superseeds puppetlabs/aws.您可能还想考虑使用更新的 puppetlabs amazon_aws 模块,它取代了 puppetlabs/aws。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.