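PowerShell: accessing an AWS S3 bucket with temporary credentials

I want to first create temporary credentials and then assume a role for the user. Using those temporary credentials, I want to access an S3 bucket to perform some operations on it. However, when I try to access the bucket with the temporary accessKey and secretKey, it throws an exception saying that the AWS Access Key Id does not exist in our records. Please help me resolve this.

P.S.: I am new to PowerShell (using v2.0).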
```powershell
param([String]$profile, [string]$mfaVal)

# Parse an INI file into a hashtable of sections, each a hashtable of key/value pairs.
function Get-IniContent ($filePath)
{
    $ini = @{}
    switch -regex -file $filePath
    {
        "^\[(.+)\]" # Section
        {
            $section = $matches[1]
            $ini[$section] = @{}
            $CommentCount = 0
        }
        "^(;.*)$" # Comment
        {
            $value = $matches[1]
            $CommentCount = $CommentCount + 1
            $name = "Comment" + $CommentCount
            # $ini[$section][$name] = $value
        }
        "(.+?)\s*=(.*)" # Key
        {
            $name,$value = $matches[1..2]
            $ini[$section][$name] = $value
        }
    }
    return $ini
}

Add-Type -Path "C:\Program Files (x86)\AWS SDK for .NET\past-releases\Version-1\AWSSDK.dll"

Write-Host $psboundparameters.count
if ($psboundparameters.count -lt 2) {
    # PowerShell escapes are written with a backtick (`r`n), not a backslash
    echo "`r`nWrong parameter values. Please see the usage below.`r`nUsage: Get_s3_bucket_objects.ps1 [profile name (test | preprod | prod)] [MFA code]`r`n"
    exit
}

# Read the per-profile settings
$ini = Get-IniContent "C:\Users\Desktop\config.ini"
$bucket = $ini[$profile]["bucketName"]
$accountID = $ini[$profile]["accountID"]
$encKey = $ini[$profile]["encKey"]
$userName = $ini[$profile]["userName"]
$secretKey = $ini[$profile]["secret"]
$accessKey = $ini[$profile]["key"]

# Store the user's long-term keys as a named profile
Set-AWSCredentials -AccessKey AAHSAI2ER4FDQ -SecretKey BaxkYl9eR/0X9SJTmIy/sajdfgav -StoreAs TestProfile
Initialize-AWSDefaults -ProfileName TestProfile -Region us-east-1

# ${accountID} keeps PowerShell from parsing "$accountID:mfa" as a scoped variable name
$mfa = "arn:aws:iam::${accountID}:mfa/testUser"
$roleArn = "arn:aws:iam::${accountID}:role/download-for-signing"
$sessionName = "session_name"

# Assume the role with MFA and take the temporary access key and secret key from the response
$role = Use-STSRole -RoleArn $roleArn -RoleSessionName $sessionName -DurationInSeconds 900 -ExternalId testUser -SerialNumber $mfa -TokenCode $mfaVal -StoredCredentials TestProfile
$tempAccessKey = $role.Credentials.AccessKeyId
$tempSecretKey = $role.Credentials.SecretAccessKey

# Create the S3 client from the temporary key pair and list the buckets
$client = [Amazon.AWSClientFactory]::CreateAmazonS3Client($tempAccessKey, $tempSecretKey)
$client.ListBuckets()

Clear-AWSCredentials -StoredCredentials TestProfile
```
I get an exception like:

```
Exception calling "ListBuckets" with "0" argument(s): "The AWS Access Key Id you provided does not exist in our records."
At C:\Users\Desktop\Get_s3_bucket_objects.ps1:91 char:20
+ $client.ListBuckets <<<<()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException
```
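
Added example, not part of the original post: the credentials returned by `Use-STSRole` have three parts (`AccessKeyId`, `SecretAccessKey`, `SessionToken`), and a request signed with only the first two fails with the error quoted above. The sketch assumes the AWS Tools for PowerShell module is loaded and that `$roleArn`, `$sessionName`, `$mfa`, `$mfaVal` and the stored profile `TestProfile` are set up as in the post; `Test-TemporaryCredential` is a hypothetical helper and the sample values are constructed.

```powershell
# Added example, not the poster's code. Test-TemporaryCredential is a
# hypothetical helper name; the sample credential values are constructed.

# Returns the reasons a credential set cannot be used as STS temporary
# credentials. An empty result means all three parts are present.
function Test-TemporaryCredential($cred) {
    $problems = @()
    if (-not $cred.AccessKeyId) {
        $problems += "AccessKeyId is missing"
    }
    elseif ($cred.AccessKeyId -notmatch '^ASIA') {
        # STS temporary key ids start with ASIA; long-term user keys start with AKIA
        $problems += "AccessKeyId does not start with ASIA, so it is not an STS temporary key"
    }
    if (-not $cred.SecretAccessKey) { $problems += "SecretAccessKey is missing" }
    if (-not $cred.SessionToken)    { $problems += "SessionToken is missing" }
    return $problems
}

# Constructed sample with the session token left out, i.e. the same two-part
# pair that the script in the post hands to the S3 client.
$sample = New-Object PSObject -Property @{
    AccessKeyId     = "ASIAEXAMPLEEXAMPLE00"
    SecretAccessKey = "constructed-secret-value"
    SessionToken    = $null
}
Test-TemporaryCredential $sample

# Real call (assumption: same role, MFA device and stored profile as in the post).
$role = Use-STSRole -RoleArn $roleArn -RoleSessionName $sessionName -DurationInSeconds 900 `
    -ExternalId testUser -SerialNumber $mfa -TokenCode $mfaVal -StoredCredentials TestProfile
$cred = $role.Credentials

$problems = @(Test-TemporaryCredential $cred)
if ($problems.Count -gt 0) { throw ($problems -join "; ") }

# Pass all three parts of the temporary credentials to the S3 call.
Get-S3Bucket -AccessKey $cred.AccessKeyId -SecretKey $cred.SecretAccessKey `
    -SessionToken $cred.SessionToken -Region us-east-1
```

The temporary values live only in `$cred` for the session; nothing is written to a stored profile, so they expire with the 900-second session.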