堆栈内存溢出
  简体   繁体   English

如何在 aws 中使用 web 识别令牌使用 go sdk 进行身份验证

[英]How to use use web identify token in aws to authenticate using go sdk

 原文  2022-06-16 07:31:24       amazon-web-services/ go/ amazon-eks/ aws-sdk-go

问题描述

I am trying to write an example of how to use a web identity token with a container to perform EC2 operations.我正在尝试编写一个示例,说明如何将 Web 身份令牌与容器一起使用来执行 EC2 操作。 The container spec contains the service account and has the necessary permission to access the token path and its namespace is a trusted entity in the role.容器规范包含服务帐户并具有访问令牌路径的必要权限,其命名空间是角色中的受信任实体。

package main

import (
    "fmt"

    "github.com/aws/aws-sdk-go/aws"
    "github.com/aws/aws-sdk-go/aws/credentials"
    "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/ec2"
    "github.com/aws/aws-sdk-go/service/sts"
)

func main() {

    sess, _ := session.NewSession()
    config := aws.NewConfig().WithRegion("us-east-1")

    stsSTS := sts.New(sess)
    roleARN := "arn:aws:iam::1234567:role/s2-p0o5-csi-drivers-ebs-cloud-credentials"

    roleProvider := stscreds.NewWebIdentityRoleProviderWithOptions(stsSTS, roleARN, "gosession", stscreds.FetchTokenPath("/build/token"))

    creds := credentials.NewCredentials(roleProvider)
    credValue, _ := roleProvider.Retrieve()
    fmt.Printf("credValue.AccessKeyID: %v\n", credValue.AccessKeyID)
    fmt.Printf("credValue.SecretAccessKey: %v\n", credValue.SecretAccessKey)
    fmt.Printf("credValue.SessionToken: %v\n", credValue.SessionToken)

    config = config.WithCredentials(creds)

    nodeID := "i-00843f27cfeb0beff"
    svc := ec2.New(sess, config)
    request := &ec2.DescribeInstancesInput{
        InstanceIds: []*string{&nodeID},
    }

    result, _ := svc.DescribeInstances(request)
    fmt.Printf("result: %v\n", result)
}

The value of result get empty.结果的值为空。 Whereas, i have exported (credValue.AccessKeyID, credValue.SecretAccessKey,credValue.SessionToken) as environment variables and aws cli is giving me output related to describing the instance.然而,我已将 (credValue.AccessKeyID, credValue.SecretAccessKey,credValue.SessionToken) 导出为环境变量,并且 aws cli 为我提供了与描述实例相关的输出。

I tried various methods like credentials.NewStaticCredentials() with the credential information, but no luck.我尝试了各种方法,例如使用凭证信息的credentials.NewStaticCredentials() ,但没有运气。 Can some help share hint on what is going wrong and correct way of doing it.一些人可以帮助分享有关出了什么问题和正确方法的提示。

1 个解决方案

解决方案1
 0  2022-06-16 08:16:36

使用的 instance-id 应该在该区域中可用,否则它将返回一个带有 err == nil 的空映射。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将AWS GO SDK与RESTful API一起使用? - How to use AWS GO SDK with RESTful API? 如何使用AWS开发工具包进行身份验证 - How to authenticate using the AWS SDK 将 AWS Go SDK 与配置文件一起使用 - Use AWS Go SDK with profile 如何使用AWS Cognito SDK使用NodeJS从REST服务验证用户? - How to use AWS Cognito SDK to authenticate user from REST Service using NodeJS? 如何将 aws-sdk-go-v2 与 localstack 一起使用? - How do I use aws-sdk-go-v2 with localstack? 如何在aws-sdk-go Dynamodb QueryInput中使用“ BETWEEN”? - How to use “BETWEEN” in aws-sdk-go Dynamodb QueryInput? 如何将 IAM 用户凭证与 Go AWS SDK v2 一起使用 - How to use IAM User credentials with Go AWS SDK v2 如何在 AWS SDK 中使用访问令牌? - How do I use an Access Token with AWS SDK? 如何使用AWS Cognito对API网关进行身份验证 - How to use AWS Cognito to authenticate API Gateway 如何使用 AWS-ADFS 对 AWS 进行身份验证以使用 Boto3 - Python - How to authenticate to AWS using AWS-ADFS to use Boto3 - Python
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM