访问IAM角色S3存储桶图像通过亚马逊S3 sdk for javascript
问题描述:
我们为s3存储桶使用IAM角色。我们没有使用任何秘密密钥和访问密钥来访问s3中的图像。我们想要一种使用s3 javascript sdk从s3访问图像的方法。访问IAM角色S3存储桶图像通过亚马逊S3 sdk for javascript
答
您需要设置STS并担任角色以获取临时凭证以访问AWS服务。
/* */
var params = {
DurationSeconds: 3600,
RoleArn: "arn:aws:iam::123456789012:role/demo",
RoleSessionName: "Bob"
};
sts.assumeRole(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
/*
data = {
AssumedRoleUser: {
Arn: "arn:aws:sts::123456789012:assumed-role/demo/Bob",
AssumedRoleId: "ARO123EXAMPLE123:Bob"
},
Credentials: {
AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
Expiration: <Date Representation>,
SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
SessionToken: "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
},
PackedPolicySize: 6
}
*/
});
http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
感谢strongjz,我肯定会尝试。也有可能做同样的事情使用认知身份池ID来访问我是角色s3图像 –
我还没有与Cognito合作过,但阅读它,似乎很http://docs.aws.amazon.com/cognito /latest/developerguide/iam-roles.html – strongjz