Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Access Denied after successful AssumeRole

0

Good Day All,

I am trying to run commands after assumerole using cli and getting the following error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

aws sts assume-role --role-arn "arn:aws:iam::<accountid>:role/read-write-app-bucket-role" --role-session-name "sessionname" This runs successfully but when i do the following i get error : command : aws s3 ls

Note :

  1. I am able to assume the role successfully using AWS STS and getting temp credentials
  2. Also the role has full S3 access.
  3. Both role and resource are in same account

Tried running "aws s3 ls --profile default" but still having the issue Tried assigning the same role directly to the user and the command works fine.

Argomenti
Sicurezza, identità e conformità
Tag
Gestione identità e accesso AWS
Lingua
English
AWS-User-7313937
posta 10 mesi fa195 visualizzazioni
2 Risposte
0

Hi The command assume-role output the temporary credentials. You must use these credentials when making your aws s3 ls call. Please see this guide. Hope it helps.

profile picture
ESPERTO
JimmyDqv
con risposta 10 mesi fa
0

Hi, I suggest you to check the identity under which run the s3 ls via aws sts get-caller-identity. Sometimes your run CLI commands under under another identity than the one you believe due to env vars, default profile, etc.

It happens to me sometimes...

Best,

Didier

profile pictureAWS
ESPERTO
Didier_Durand
con risposta 10 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente