Where to specify the external id while assuming role

I am assuming another role, which has a condition:

"Condition": {
        "StringEquals": {
          "sts:ExternalId": "12345"
        }
      }

I am assuming it using the session below:

import datetime

import boto3
import botocore.credentials
import botocore.session
from dateutil.tz import tzlocal


def assumed_role_session(role_arn):
    base_session = boto3.session.Session()._session
    # Fetcher that calls sts:AssumeRole with only the role ARN
    fetcher = botocore.credentials.AssumeRoleCredentialFetcher(
        client_creator=base_session.create_client,
        source_credentials=base_session.get_credentials(),
        role_arn=role_arn,
    )
    # Credentials that are fetched lazily and refreshed when they expire
    creds = botocore.credentials.DeferredRefreshableCredentials(
        method='assume-role',
        refresh_using=fetcher.fetch_credentials,
        time_fetcher=lambda: datetime.datetime.now(tzlocal())
    )
    botocore_session = botocore.session.Session()
    botocore_session._credentials = creds
    return boto3.Session(botocore_session=botocore_session)

But it gives an authorization problem. Can anyone help with where the external ID must be placed?

In boto3, you assume a role using assume_role, which allows you to specify ExternalId as one of the input parameters.
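
The following is an added example, not code from the original question or answer. It shows ExternalId passed as a top-level parameter of `assume_role`, and through `extra_args` for the refreshable fetcher used in the question. The role ARN, session name and function names are constructed placeholders, and `condition_allows` is only a local model of the `StringEquals` test on `sts:ExternalId`.

```python
# Constructed sample values; the role ARN is a placeholder, not from the page.
ROLE_ARN = "arn:aws:iam::111122223333:role/example-role"
TRUST_CONDITION = {"StringEquals": {"sts:ExternalId": "12345"}}  # from the question


def assume_role_params(role_arn, external_id=None, session_name="example-session"):
    """Keyword arguments for sts.assume_role(); ExternalId is a top-level parameter."""
    params = {"RoleArn": role_arn, "RoleSessionName": session_name}
    if external_id is not None:
        params["ExternalId"] = external_id
    return params


def condition_allows(condition, params):
    """Local model of the StringEquals test on sts:ExternalId only (not full IAM evaluation)."""
    expected = condition.get("StringEquals", {}).get("sts:ExternalId")
    return expected is None or params.get("ExternalId") == expected


def assumed_role_session(role_arn, external_id):
    """One-shot variant: call STS directly (needs boto3, credentials and network)."""
    import boto3  # lazy import so the helpers above run offline
    creds = boto3.client("sts").assume_role(
        **assume_role_params(role_arn, external_id))["Credentials"]
    return boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def refreshable_fetcher(base_session, role_arn, external_id):
    """Refreshable variant of the question's code: ExternalId goes in extra_args."""
    import botocore.credentials
    return botocore.credentials.AssumeRoleCredentialFetcher(
        client_creator=base_session.create_client,
        source_credentials=base_session.get_credentials(),
        role_arn=role_arn,
        extra_args={"ExternalId": external_id},
    )
```

The credentials returned by `assume_role` expire and are not refreshed automatically; the fetcher variant plugs into `DeferredRefreshableCredentials` the same way the question's code does.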