[英]error making upstream request 403 sts vault from aws instance
我已将一个 IAM 角色附加到 aws 实例。 角色my-role也有管理权限和 sts 权限。
我运行了以下命令,但出现错误。
export VAULT_ADDR=https://somevaultsite.com
vault login -tls-skip-verify -address=https://somevaultsite.com -method=aws role=my-role
Error authenticating: Error making API request.
URL: PUT https://somevaultsite.com/v1/auth/aws/login
Code: 400. Errors:
* error making upstream request: received error code 403 from STS: <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>InvalidClientTokenId</Code>
<Message>The security token included in the request is invalid</Message>
</Error>
<RequestId>SOME-REQUEST-ID</RequestId>
</ErrorResponse>
当我通过传递区域来运行 vault 命令时,我得到的错误是
vault login -tls-skip-verify -address=https://somevaultsite.com -method=aws role=my-role region=us-gov-west-1
Error authenticating: Error making API request.
URL: PUT https://somevaultsite.com/v1/auth/aws/login
Code: 400. Errors:
* error making upstream request: received error code 403 from STS: <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to a valid region, not 'us-gov-west-1'. </Message>
</Error>
<RequestId>SOME-REQUEST-ID</RequestId>
</ErrorResponse>
我也限制了保险库中的角色。
vault write auth/aws/role/my-role auth_type=iam policies=my-policy max_ttl=1h bound_iam_principal_arn=arn:aws-us-gov:iam::xxxxx:role/my-role
注意:- 我添加了 -tls-skip-verify 选项,因为证书无效。
我们应该设置 sts 端点
vault write auth/aws/config/client sts_endpoint=https://sts.us-gov-west-1.amazonaws.com
然后运行你的登录命令
vault login -tls-skip-verify -address=https://somevaultsite.com -method=aws role=my-role region=us-gov-west-1
Success! You are now authenticated. The token information displayed below is already stored in the token helper. You do NOT need to run "vault login" again. Future Vault requests will automatically use this token.
尝试从 google Vault 下载导出,使用服务帐户时出现 403 错误
[英]Try to download export from google vault, get 403 error using service account
AWS STS:GetFederationToken 在本地工作,但从 Lambda 失败
[英]AWS STS: GetFederationToken works locally, but fails from Lambda
AWS Terraform:│ 错误:配置 Terraform AWS 提供商时出错:验证提供商凭证时出错:调用 sts:GetCallerIdentity 时出错:
[英]AWS Terraform: │ Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity:
AWS Lambda 创建 Function - 请求失败,状态代码为 403
[英]AWS Lambda Create Function - Request failed with status code 403
成功部署后 Cloud Run 错误 504(上游请求超时)
[英]Cloud Run Error 504 (Upstream Request Timeout) after successful deploy
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.