[英]AWS Lambda: How to access other account's bucket using IAM Roles in Java
我有2个帐户
帐户A和帐户B
在账户AI中,我已经部署(Amazon S3)我的Lambda函数。
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
public class LambdaFunctionHandler implements RequestHandler<Request, Response> {
public Response handleRequest(Request request, Context context) {
String greetingString = String.format("Hello %s %s.",
request.firstName, request.lastName);
//Here I need to get the Account B's bucket info
return new Response(greetingString);
}
}
在帐户AI中,我正在创建IAM角色“ my-lambda”,并且将其映射到用户X
在帐户BI中,创建了一个策略来授予角色“ my-lambda”的用户权限。如何使用用户X的IAM角色获取帐户B的存储桶信息???
注意:如果直接提供凭据,我就能获得帐户B的存储桶信息
AWSCredentials longTermCredentials_ = new PropertiesCredentials(LambdaFunctionHandler .class.getResourceAsStream("/resources/"+"AwsCredentials.properties"));
AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(longTermCredentials_);
GetSessionTokenRequest getSessionTokenRequest = new GetSessionTokenRequest();
GetSessionTokenResult sessionTokenResult = stsClient.getSessionToken(getSessionTokenRequest);
Credentials sessionCredentials = sessionTokenResult.getCredentials();
BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(sessionCredentials.getAccessKeyId(),sessionCredentials.getSecretAccessKey(),sessionCredentials.getSessionToken());
AmazonS3Client s3Client = new AmazonS3Client(basicSessionCredentials);
ListObjectsRequest listObjectsRequest = new ListObjectsRequest().withBucketName("bucketName");
ObjectListing objectListing;
do {
objectListing = s3.listObjects(listObjectsRequest);
for (S3ObjectSummary objectSummary : objectListing
.getObjectSummaries()) {
String key = objectSummary.getKey();
}
listObjectsRequest.setMarker(objectListing.getNextMarker());
} while (objectListing.isTruncated());
您可以使用STSAssumeRoleSessionCredentialsProvider类来帮助您根据长期凭证承担角色,并获得S3客户端的临时凭证。
AWSCredentials longTermCredentials_ = ...
STSAssumeRoleSessionCredentialsProvider roleCredsProvider =
new STSAssumeRoleSessionCredentialsProvider(
longTermCredentials_,
"my_lambda",
"BucketListSession");
AmazonS3Client s3Client = new AmazonS3Client(roleCredsProvider);
AWS Lambda:如何使用java从Lambda函数访问S3存储桶
[英]AWS Lambda : How to access S3 bucket from Lambda function using java
如何使用 IAM 角色通过 aws sdk (java) 从 ECS 容器调用 s3 存储桶
[英]How to call s3 bucket from ECS container via aws sdk (java) by using IAM role
如何使用 Java SDK 访问受 IAM 角色保护的 S3 Bucket?
[英]How do you access S3 Bucket protected by an IAM role using the Java SDK?
如何使用 java api 获取 AWS 帐户详细信息? 不适用于 IAM 用户
[英]How to get AWS account details using java api? Not for IAM user
使用 IAM 用户的访问密钥为第三方 AWS 账户代入角色失败
[英]Failed to assume role for third-party AWS account using IAM user's access key
如何从 AWS 获取临时安全凭证以使用 java 访问 s3 存储桶和上传文件?
[英]How to get temporary security credential from AWS to access s3 bucket and upload files by using java?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.