[英]Unable to upload to S3 using STS credentials
I'm trying to integrate STS assumeRole based authentication to upload my files to S3 buckets...我正在尝试集成基于 STS assumeRole 的身份验证以将我的文件上传到 S3 存储桶...
Code Snippet代码片段
AWS.config.update({
region: 'ap-south-1',
maxRetries: 3,
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
sessionToken: process.env.AWS_SESSION_TOKEN,
})
const roleToAssume = {
RoleArn: process.env.ASSUME_ROLE_ARN,
RoleSessionName: 'codebuild',
DurationSeconds: 900,
}
const sts = new AWS.STS({
apiVersion: '2011-06-15',
region: 'ap-south-1',
endpoint: 'sts.ap-south-1.amazonaws.com',
})
sts.assumeRole(roleToAssume, function (err, assumedRole) {
if (err) {
reject__(err)
console.log('err>>>', err, err.stack)
} else {
console.log(
'🚀 ~ file: uploadTos3.js:30 ~ sts.assumeRole ~ data:',
assumedRole
)
fileArray.map((file) => {
// Configuring parameters for S3 Object
const s3 = new AWS.S3({
accessKeyId: assumedRole.Credentials.AccessKeyId,
secretAccessKey: assumedRole.Credentials.SecretAccessKey,
sessionToken: assumedRole.Credentials.SessionToken,
})
const S3params = {
Bucket: process.env.S3_BUCKET,
Body: fs.createReadStream(file),
Key: generateFileKey(file),
}
s3.upload(S3params, function (err, data) {
if (err) {
console.error(err)
} else {
console.log(`Assets uploaded to S3: `, data)
}
})
})
response__()
}
})
but everytime sts.assumeRole
throwing this error但每次sts.assumeRole
抛出这个错误
InvalidClientTokenId: The security token included in the request is invalid
--
823 | at Request.extractError (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/protocol/query.js:50:29)
824 | at Request.callListeners (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
825 | at Request.emit (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
826 | at Request.emit (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/request.js:686:14)
827 | at Request.transition (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/request.js:22:10)
828 | at AcceptorStateMachine.runTo (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/state_machine.js:14:12)
829 | at /var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/state_machine.js:26:10
830 | at Request.<anonymous> (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/request.js:38:9)
831 | at Request.<anonymous> (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/request.js:688:12)
832 | at Request.callListeners (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
833 | code: 'InvalidClientTokenId',
834 | time: 2023-05-18T13:59:07.868Z,
835 | requestId: '3bc35552-7494-4605-9380-1fb8743e7d51',
836 | statusCode: 403,
837 | retryable: false,
838 | retryDelay: 62.92943618134528
839 | }
Scenerio-2 Here, Instead of using sts
from aws-sdk
I'm using aws-cli in docker image & passing assumedRole.Credentials
from cli. Scenerio-2 在这里,我没有使用aws-sdk
中的sts
,而是在 docker 图像中使用 aws-cli 并从 cli 传递assumedRole.Credentials
。
Command:
aws sts assume-role --role-arn $ASSUME_ROLE_ARN --role-session-name codebuild
-- Providing Credentials
But here also, I'm not able to use these credentials with aws-sdk like this但在这里,我也无法像这样将这些凭据与 aws-sdk 一起使用
const s3 = new AWS.S3({
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
sessionToken: process.env.AWS_SESSION_TOKEN,
})
const S3params = {
Bucket: process.env.S3_BUCKET,
Body: fs.createReadStream(file),
Key: generateFileKey(file),
}
s3.upload(S3params, function (err, data) {
if (err) {
// Set the exit code while letting the process exit gracefully.
console.error(err)
process.exitCode = 1
} else {
console.log(`Assets uploaded to S3: `, data)
}
})
Here Getting this error这里得到这个错误
InvalidToken: The provided token is malformed or otherwise invalid.
--
16 | at Request.extractError (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/services/s3.js:711:35)
17 | at Request.callListeners (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
18 | at Request.emit (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
19 | at Request.emit (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/request.js:686:14)
20 | at Request.transition (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/request.js:22:10)
21 | at AcceptorStateMachine.runTo (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/state_machine.js:14:12)
22 | at /var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/state_machine.js:26:10
23 | at Request.<anonymous> (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/request.js:38:9)
24 | at Request.<anonymous> (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/request.js:688:12)
25 | at Request.callListeners (/var/loco/loco/node_modules/.pnpm/aws-sdk@2.1379.0/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
26 | code: 'InvalidToken',
27 | region: null,
28 | time: 2023-05-18T13:44:22.058Z,
29 | requestId: 'CH90H7F00MZ4AYQB',
30 | extendedRequestId: 'SHL6HZeiY9Ts+Iu+RGahpQufpxTigrEmOO0t4ICtlqJ9AjEoREb6pRai4XtfDpxLqiN3VjmrQEM=',
31 | cfId: undefined,
32 | statusCode: 400,
33 | retryable: false,
34 | retryDelay: 0.14215548664469058
35 | }
I want to setup STS assumeRole & use those credentials to upload file to S3.我想设置 STS assumeRole 并使用这些凭据将文件上传到 S3。
There might be the RoleARN access issue, But I'm unable to identify that as well可能存在 RoleARN 访问问题,但我也无法识别
Same as above同上
I'm writing the code in upload_to_bucket.js file & running the same using Docker node upload_to_bucket.js
我正在 upload_to_bucket.js 文件中编写代码并使用 Docker node upload_to_bucket.js
运行相同的代码
idk, but it would be great help if anyone answer this. idk,但如果有人回答这个问题,那将是很大的帮助。
Ping me / Mail me @sanskardahiya98@gmail.com for any further information.联系我/发邮件给我@sanskardahiya98@gmail.com 以获取更多信息。
"aws-sdk": "^2.1379.0" “aws-sdk”:“^2.1379.0”
AWS Codebuild AWS 代码构建
Above code is correct itself, Issue was due to restricted access, My EC2 machine does not have access to STS,上面的代码本身是正确的,问题是由于访问受限,我的 EC2 机器无法访问 STS,
It is fixed by providing appropriate access.它通过提供适当的访问来修复。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.