Create an IAM Role that makes Redshift able to access S3 bucket (ReadOnly)
Question
I'm trying to create a new IAM role and attach the S3 Read only Access policy but when I'm running the below code. I'm getting the following error: An error occurred (InvalidClientTokenId) when calling the CreateRole operation: The security token included in the request is invalid.
I have set up the correct aws access key and security key in the configuration file but still I'm not able to get through this error.
Code for creating the IAM role.
try:
print('1.1 Creating a new IAM Role')
dwhRole = iam.create_role(
Path='/',
RoleName=DWH_IAM_ROLE_NAME,
Description='Allows Redshift clusters to call AWS services on your behalf.',
AssumeRolePolicyDocument=json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "redshift.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}),
)
except Exception as e:
print(e)
# TODO: Attach Policy
print('1.2 Attaching Policy')
iam.attach_role_policy(RoleName=DWH_IAM_ROLE_NAME,
PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
)['ResponseMetadata']['HTTPStatusCode']
# TODO: Get and print the IAM role ARN
print('1.3 Get the IAM role ARN')
roleArn = iam.get_role(RoleName=DWH_IAM_ROLE_NAME)['Role']['Arn']
print(roleArn)
DWH_IAM_ROLE_NAME is a variable which is defined the configuration file as well.
1 answers
solution1
0 2023-01-08 18:32:27
First, unset the below env variables:-
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN
Get a new session token and save it or copy it to your clipboard:-
aws sts get-session-token
Run the below command and it is ask for SECRET KEY, ID, TOKEN
aws configure
Finally, re-run your script.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.