[英]error making upstream request 403 sts vault from aws instance
我已將一個 IAM 角色附加到 aws 實例。 角色my-role也有管理權限和 sts 權限。
我運行了以下命令,但出現錯誤。
export VAULT_ADDR=https://somevaultsite.com
vault login -tls-skip-verify -address=https://somevaultsite.com -method=aws role=my-role
Error authenticating: Error making API request.
URL: PUT https://somevaultsite.com/v1/auth/aws/login
Code: 400. Errors:
* error making upstream request: received error code 403 from STS: <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>InvalidClientTokenId</Code>
<Message>The security token included in the request is invalid</Message>
</Error>
<RequestId>SOME-REQUEST-ID</RequestId>
</ErrorResponse>
當我通過傳遞區域來運行 vault 命令時,我得到的錯誤是
vault login -tls-skip-verify -address=https://somevaultsite.com -method=aws role=my-role region=us-gov-west-1
Error authenticating: Error making API request.
URL: PUT https://somevaultsite.com/v1/auth/aws/login
Code: 400. Errors:
* error making upstream request: received error code 403 from STS: <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to a valid region, not 'us-gov-west-1'. </Message>
</Error>
<RequestId>SOME-REQUEST-ID</RequestId>
</ErrorResponse>
我也限制了保險庫中的角色。
vault write auth/aws/role/my-role auth_type=iam policies=my-policy max_ttl=1h bound_iam_principal_arn=arn:aws-us-gov:iam::xxxxx:role/my-role
注意:- 我添加了 -tls-skip-verify 選項,因為證書無效。
我們應該設置 sts 端點
vault write auth/aws/config/client sts_endpoint=https://sts.us-gov-west-1.amazonaws.com
然后運行你的登錄命令
vault login -tls-skip-verify -address=https://somevaultsite.com -method=aws role=my-role region=us-gov-west-1
Success! You are now authenticated. The token information displayed below is already stored in the token helper. You do NOT need to run "vault login" again. Future Vault requests will automatically use this token.
嘗試從 google Vault 下載導出,使用服務帳戶時出現 403 錯誤
[英]Try to download export from google vault, get 403 error using service account
AWS STS:GetFederationToken 在本地工作,但從 Lambda 失敗
[英]AWS STS: GetFederationToken works locally, but fails from Lambda
AWS Terraform:│ 錯誤:配置 Terraform AWS 提供商時出錯:驗證提供商憑證時出錯:調用 sts:GetCallerIdentity 時出錯:
[英]AWS Terraform: │ Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity:
AWS Lambda 創建 Function - 請求失敗,狀態代碼為 403
[英]AWS Lambda Create Function - Request failed with status code 403
成功部署后 Cloud Run 錯誤 504(上游請求超時)
[英]Cloud Run Error 504 (Upstream Request Timeout) after successful deploy
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.