堆栈内存溢出
  简体   繁体   English

使用凭据创建 AWS SSM 客户端

[英]Creating AWS SSM client with credentials

 原文  2022-12-27 12:13:59       amazon-web-services/ amazon-cognito/ aws-ssm

问题描述

I'm trying to create a SSMClient in JavaScript/TypeScript.我正在尝试在 JavaScript/TypeScript 中创建一个 SSMClient。 I've found a ton of examples but nothing seems to work.我找到了很多例子,但似乎没有任何效果。 I'm trying to get a value from the SSM parameter store.我正在尝试从 SSM 参数存储中获取值。 Here is my latest:这是我的最新消息:

    const stsClient = new STSClient({ region: REGION });

    const params = {
      RoleArn: "arn:aws:iam::425112775363:policy/SSMFullAccessCognito",
      RoleSessionName: "session1",
      DurationSeconds: 900,
    };


    //Assume Role
    const data = await stsClient.send(new AssumeRoleCommand(params));
    const rolecreds = {
      accessKeyId: data.Credentials!.AccessKeyId,
      secretAccessKey: data.Credentials!.SecretAccessKey,
      sessionToken: data.Credentials!.SessionToken,
    };

    const ssmClient = new SSMClient({ region: REGION  });

    console.info(ssmClient);
    
    const cmd = new GetParameterCommand({ Name: 'test', WithDecryption: false });

    const result = await ssmClient.send(cmd);

    console.info(result);

With the above it says creds are missing, which they are.上面说的是信用缺失,它们确实存在。 I just can't anywhere to convert "rolecreds" to Somethng SSM wants.我无法在任何地方将“rolecreds”转换为 SSM 想要的东西。 I can assume the role fine and I get back valid creds.我可以很好地承担这个角色,并且我会取回有效的证书。

I've found 100 different ways from multiple sources but nothing works.我从多个来源找到了 100 种不同的方法,但没有任何效果。 I'm running AWSv3.我正在运行 AWSv3。

EDIT: I am using Amplify too.编辑:我也在使用 Amplify。

2 个解决方案

解决方案1
 0  2022-12-27 12:26:35

You don't seem to actually using roleCreds .您似乎并没有实际使用roleCreds If you look at the documentation for SSMClient , you'll see that it takes an optional credential object which you need to use in your situation: ( https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-ssm/interfaces/ssmclientconfig.html#credentials )如果您查看SSMClient的文档,您会看到它需要一个可选的凭证 object,您需要在您的情况下使用它:( https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/客户端 ssm/interfaces/ssmclientconfig.html#credentials

解决方案2
 0  2022-12-27 13:06:06

Assuming the SSMFullAccessCognito role has the correct permissions to access the required SSM parameter, what you have to do is to pass the rolecreds object to the SSMClient .假设SSMFullAccessCognito角色具有访问所需 SSM 参数的正确权限,您需要做的是将rolecreds object 传递给SSMClient You can do the following:您可以执行以下操作:

const data = await stsClient.send(new AssumeRoleCommand(params));
const rolecreds = {
    accessKeyId: data.Credentials!.AccessKeyId!,
    secretAccessKey: data.Credentials!.SecretAccessKey!,
    sessionToken: data.Credentials!.SessionToken!,
};

const ssmClient = new SSMClient({ region: REGION, credentials: rolecreds });

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 React 和 Axios 获取 AWS 客户端凭证 - React and Axios get AWS client credentials 如何找回早期版本的 AWS SSM 密码? - How to retrieve earlier version of AWS SSM password? 来自 AWS SSM 请求的奇怪响应 - Odd Response from AWS SSM Request AWS::EC2::Instance/Metadata 不支持 SSM 安全引用 - SSM Secure reference is not supported in: AWS::EC2::Instance/Metadata 使用端口转发从本地到 AWS ECS 的 SSM 连接 - SSM connection from local to AWS ECS with Port Forwarding 在 AWS 中等待并收到 SSM.SendCommand 完成通知的最佳方法是什么 - What is the best approach to wait and be notified of completion of SSM.SendCommand in AWS 谁在codepipeline中用aws ssm和secrets参数做过gitops? - Who has done gitops with aws ssm and secrets parameters in codepipeline? 如何读取 aws 数据管道中 shell 脚本中的 ssm 参数? - How to read ssm parameters in a shell script in aws data pipeline? AWS - NoCredentialsError:无法找到凭证 - AWS - NoCredentialsError: Unable to locate credentials 获取 POD 上配置的 AWS 凭证 - Getting AWS Credentials as configured on POD
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM