[英]AWS Lambda: How to access other account's bucket using IAM Roles in Java
我有2個帳戶
帳戶A和帳戶B
在賬戶AI中,我已經部署(Amazon S3)我的Lambda函數。
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
public class LambdaFunctionHandler implements RequestHandler<Request, Response> {
public Response handleRequest(Request request, Context context) {
String greetingString = String.format("Hello %s %s.",
request.firstName, request.lastName);
//Here I need to get the Account B's bucket info
return new Response(greetingString);
}
}
在帳戶AI中,我正在創建IAM角色“ my-lambda”,並且將其映射到用戶X
在帳戶BI中,創建了一個策略來授予角色“ my-lambda”的用戶權限。如何使用用戶X的IAM角色獲取帳戶B的存儲桶信息???
注意:如果直接提供憑據,我就能獲得帳戶B的存儲桶信息
AWSCredentials longTermCredentials_ = new PropertiesCredentials(LambdaFunctionHandler .class.getResourceAsStream("/resources/"+"AwsCredentials.properties"));
AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(longTermCredentials_);
GetSessionTokenRequest getSessionTokenRequest = new GetSessionTokenRequest();
GetSessionTokenResult sessionTokenResult = stsClient.getSessionToken(getSessionTokenRequest);
Credentials sessionCredentials = sessionTokenResult.getCredentials();
BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(sessionCredentials.getAccessKeyId(),sessionCredentials.getSecretAccessKey(),sessionCredentials.getSessionToken());
AmazonS3Client s3Client = new AmazonS3Client(basicSessionCredentials);
ListObjectsRequest listObjectsRequest = new ListObjectsRequest().withBucketName("bucketName");
ObjectListing objectListing;
do {
objectListing = s3.listObjects(listObjectsRequest);
for (S3ObjectSummary objectSummary : objectListing
.getObjectSummaries()) {
String key = objectSummary.getKey();
}
listObjectsRequest.setMarker(objectListing.getNextMarker());
} while (objectListing.isTruncated());
您可以使用STSAssumeRoleSessionCredentialsProvider類來幫助您根據長期憑證承擔角色,並獲得S3客戶端的臨時憑證。
AWSCredentials longTermCredentials_ = ...
STSAssumeRoleSessionCredentialsProvider roleCredsProvider =
new STSAssumeRoleSessionCredentialsProvider(
longTermCredentials_,
"my_lambda",
"BucketListSession");
AmazonS3Client s3Client = new AmazonS3Client(roleCredsProvider);
AWS Lambda:如何使用java從Lambda函數訪問S3存儲桶
[英]AWS Lambda : How to access S3 bucket from Lambda function using java
如何使用 IAM 角色通過 aws sdk (java) 從 ECS 容器調用 s3 存儲桶
[英]How to call s3 bucket from ECS container via aws sdk (java) by using IAM role
如何使用 Java SDK 訪問受 IAM 角色保護的 S3 Bucket?
[英]How do you access S3 Bucket protected by an IAM role using the Java SDK?
如何使用 java api 獲取 AWS 帳戶詳細信息? 不適用於 IAM 用戶
[英]How to get AWS account details using java api? Not for IAM user
使用 IAM 用戶的訪問密鑰為第三方 AWS 賬戶代入角色失敗
[英]Failed to assume role for third-party AWS account using IAM user's access key
如何從 AWS 獲取臨時安全憑證以使用 java 訪問 s3 存儲桶和上傳文件?
[英]How to get temporary security credential from AWS to access s3 bucket and upload files by using java?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.