我需要将 aws_session_token 与 puppetlabs-aws 一起使用
[英]I need to use aws_session_token with puppetlabs-aws
问题描述
At my work, when using aws cli we use aws_session_token.
在我的工作中,当使用 aws cli 时,我们使用 aws_session_token。 I don't see anything in puppetlabs-aws support for aws_session_token.我在 puppetlabs-aws 中没有看到任何对 aws_session_token 的支持。 Any ideas?有任何想法吗?
1 个解决方案
解决方案1
0 2021-01-19 00:33:38
AWS_SESSION_TOKEN is usually used when you're obtaining temporary credentials from AWS security token service (STS).当您从 AWS 安全令牌服务 (STS) 获取临时凭证时,通常会使用 AWS_SESSION_TOKEN。 This is usually when you make the call to Assume a role.这通常发生在您调用 Assume 角色时。 So a lot of this depends on how you've got your command line set up:所以这在很大程度上取决于您如何设置命令行:
If you are explcitly calling assume role like this:如果您明确地调用 assume role 是这样的:
aws sts assume-role --role-arn "arn:aws:iam::123456789012:role/RoleToAssume" --role-session-name AWSCLI-Session
You should get back a response with three variables:您应该返回包含三个变量的响应:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
You should just be able to export each of these as environment variables and then run puppet apply .您应该能够将其中的每一个导出为环境变量,然后运行puppet apply 。
If you are not explicitly calling assume role and are using instance profiles, puppet should automatically find these 3 variables.如果您没有明确调用 assume role 并且正在使用实例配置文件,puppet 应该会自动找到这 3 个变量。
If you are calling assume role via AWS_PROFILES in your ~/.aws/config then it should just be sufficient to run puppet apply after setting the AWS_PROFILE environment variable.如果您在~/.aws/config中通过 AWS_PROFILES 调用承担角色,那么在设置AWS_PROFILE环境变量后运行puppet apply就足够了。
You may also want to consider using the newer puppetlabs amazon_aws module which superseeds puppetlabs/aws.您可能还想考虑使用更新的 puppetlabs amazon_aws 模块,它取代了 puppetlabs/aws。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.