Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Access Denied after successful AssumeRole

0

Good Day All,

I am trying to run commands after assumerole using cli and getting the following error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

aws sts assume-role --role-arn "arn:aws:iam::<accountid>:role/read-write-app-bucket-role" --role-session-name "sessionname" This runs successfully but when i do the following i get error : command : aws s3 ls

Note :

  1. I am able to assume the role successfully using AWS STS and getting temp credentials
  2. Also the role has full S3 access.
  3. Both role and resource are in same account

Tried running "aws s3 ls --profile default" but still having the issue Tried assigning the same role directly to the user and the command works fine.

Temas
Seguridad, identidad y cumplimiento
Etiquetas
AWS Identity and Access Management
Idioma
English
AWS-User-7313937
preguntada hace 10 meses195 visualizaciones
2 Respuestas
0

Hi The command assume-role output the temporary credentials. You must use these credentials when making your aws s3 ls call. Please see this guide. Hope it helps.

profile picture
EXPERTO
JimmyDqv
respondido hace 10 meses
0

Hi, I suggest you to check the identity under which run the s3 ls via aws sts get-caller-identity. Sometimes your run CLI commands under under another identity than the one you believe due to env vars, default profile, etc.

It happens to me sometimes...

Best,

Didier

profile pictureAWS
EXPERTO
Didier_Durand
respondido hace 10 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante