Retrieve IAM Role from Instance Profile for Use With v4 Signer
Question
I'm trying to achieve the same result as the Ruby example code I have using the AWS .NET SDK and am running into trouble querying the instance profile credentials. It seems the .NET SDK hides the credential provider when querying the instance profile. However, I need to get to that so I can use it to sign an STS request and pass that to an API that uses that information for authentication purposes. So far I haven't found a way to query the instance profile and assume the IAM EC2 Role.
Does anyone have a good idea of how this would be done?
Ruby:
request = Aws::Sigv4::Signer.new(
service: 'sts',
region: 'us-east-1',
credentials_provider: Aws::InstanceProfileCredentials.new
).sign_request(
http_method: 'GET',
url: 'https://sts.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15'
).headers
What I am trying to avoid is storing any credentials on the instance. However, the signature for the v4 signer method is:
var signer = new Amazon.Runtime.Internal.Auth.AWS4Signer();
signer.SignRequest(IRequest request, IClientConfig clientConfig, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey);
This code will be running on EC2 instances.
Any help would be appreciated!
1 answers
solution1
0 ACCPTED 2019-02-17 07:49:15
我能够使用Amazon.Runtime.InstanceProfileAWSCredentials.GetCredentials()调用来获取临时凭证,我可以使用这些凭证来查询IAM角色等其他内容。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.