amazon-web-services command-line-interface

Amazon aws cli：承担的角色返回访问被拒绝错误

发布于 2025-01-14 05:44:00 字数 1301 浏览 2 评论 0原文

我正在尝试使用 aws cli 运行一些命令。我在目标区域没有用户帐户，但我尝试使用名为“AssumedAdministrator”的角色，该角色具有 sts:assumerole。我可以使用“切换角色”选项登录 aws Web 控制台。

但是当我运行如下 CLI 命令时：

aws --profile $profile sts get-caller-identity --region $region

我收到以下错误：

An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::111111111111:user/john.smith is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::222222222222:role/AssumedAdministrator

这是与该角色相关的受信任实体：

AssumedAdministrator role
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111111111111:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "Bool": {
                    "aws:MultiFactorAuthPresent": "false"
                }
            }
        }
    ]
}

我做错了什么？如何

在凭证文件中运行 aws cli 命令我的部分：

[default]
aws_access_key_id = ##########################
aws_secret_access_key = ############################
region = ##########

[assumed-#####-admin]
role_arn = arn:aws:iam::222222222222:role/AssumedAdministrator
source_profile = default

谢谢

原文

I am trying to use aws cli to run some commands. I do not have a user account in the target region, but I am trying to use a role called "AssumedAdministrator" which has sts:assumerole.
I can log into the aws web console OK using the "switch role" option.

but when I run a CLI command like :

aws --profile $profile sts get-caller-identity --region $region

I am getting the following error:

An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::111111111111:user/john.smith is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::222222222222:role/AssumedAdministrator

Here's the Trusted Entities tied to that role:

AssumedAdministrator role
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111111111111:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "Bool": {
                    "aws:MultiFactorAuthPresent": "false"
                }
            }
        }
    ]
}

What am I doing wrong? How can I run aws cli commands

my sections in the credentials file:

[default]
aws_access_key_id = ##########################
aws_secret_access_key = ############################
region = ##########

[assumed-#####-admin]
role_arn = arn:aws:iam::222222222222:role/AssumedAdministrator
source_profile = default

Thanks

分享到QQ

分享到微博