AWS STS 担任角色 - InvalidClientTokenId:请求中包含的安全令牌无效
AWS STS Assume Role - InvalidClientTokenId: The security token included in the request is invalid
我正在尝试使用 aws-sdk 担任 IAM 角色...
var sts = new AWS.STS();
sts.assumeRole({
RoleArn: 'arn:aws:iam::xxxxxx:root',
RoleSessionName: 'awssdk'
}, function(err, data) {
if (err) { // an error occurred
console.log('Cannot assume role');
console.log(err, err.stack);
}
else { // successful response
AWS.config.update({
accessKeyId: data.Credentials.AccessKeyId,
secretAccessKey: data.Credentials.SecretAccessKey,
sessionToken: data.Credentials.SessionToken
});
}
});
但我不断...
InvalidClientTokenId: The security token included in the request is invalid
但是,如果我只使用以下内容,我可以连接...
AWS.config.update({ accessKeyId: process.env.ID, secretAccessKey: process.env.SECRET });
我有什么理由不能担任角色?
以下
RoleArn: 'arn:aws:iam::xxxxxx:root',
不是 IAM 角色。您似乎正在尝试假设为 IAM root 用户。角色的正确 ARN 有 form 个
arn:aws:iam::account-id:role/role-name-with-path
我正在尝试使用 aws-sdk 担任 IAM 角色...
var sts = new AWS.STS();
sts.assumeRole({
RoleArn: 'arn:aws:iam::xxxxxx:root',
RoleSessionName: 'awssdk'
}, function(err, data) {
if (err) { // an error occurred
console.log('Cannot assume role');
console.log(err, err.stack);
}
else { // successful response
AWS.config.update({
accessKeyId: data.Credentials.AccessKeyId,
secretAccessKey: data.Credentials.SecretAccessKey,
sessionToken: data.Credentials.SessionToken
});
}
});
但我不断...
InvalidClientTokenId: The security token included in the request is invalid
但是,如果我只使用以下内容,我可以连接...
AWS.config.update({ accessKeyId: process.env.ID, secretAccessKey: process.env.SECRET });
我有什么理由不能担任角色?
以下
RoleArn: 'arn:aws:iam::xxxxxx:root',
不是 IAM 角色。您似乎正在尝试假设为 IAM root 用户。角色的正确 ARN 有 form 个
arn:aws:iam::account-id:role/role-name-with-path