Powershell:使用临时凭证访问 AWS s3 存储桶
Powershell: Accessing AWS s3 buckets using temporary credentials
我想先创建临时凭据,然后为该用户担任角色。使用该临时凭证,我想访问 s3 存储桶以对其执行一些操作。但是当我尝试使用临时 accessKey 和 secretKey 访问存储桶时,我们的记录中不存在像 AWS 访问密钥 ID 这样的抛出异常。
请帮我解决。
P.S : 我是 powershell 的新手(使用 v2.0)。
param([String]$profile , [string]$mfaVal)
function Get-IniContent ($filePath)
{
$ini = @{}
switch -regex -file $FilePath
{
“^\[(.+)\]” # Section
{
$section = $matches[1]
$ini[$section] = @{}
$CommentCount = 0
}
“^(;.*)$” # Comment
{
$value = $matches[1]
$CommentCount = $CommentCount + 1
$name = “Comment” + $CommentCount
# $ini[$section][$name] = $value
}
“(.+?)\s*=(.*)” # Key
{
$name,$value = $matches[1..2]
$ini[$section][$name] = $value
}
}
return $ini
}
Add-Type -Path "C:\Program Files (x86)\AWS SDK for .NET\past-releases\Version-1\AWSSDK.dll"
Write-Host $psboundparameters.count
if ($psboundparameters.count -lt 2){
echo "\r\nWrong parameter values. Please see the usage below. \n\r
Usage: Get_s3_bucket_objects.ps1 [profile name (test | preprod | prod)] [MFA code]\r\n\r\n";
exit;
}
$ini = Get-IniContent “C:\Users\Desktop\config.ini”
$bucket = $ini[$profile]["bucketName"]
$accountID = $ini[$profile]["accountID"]
$encKey = $ini[$profile]["encKey"]
$userName =$ini[$profile]["userName"]
$secretKey =$ini[$profile]["secret"]
$accessKey =$ini[$profile]["key"]
Set-AWSCredentials -AccessKey AAHSAI2ER4FDQ -SecretKey BaxkYl9eR/0X9SJTmIy/sajdfgav -StoreAs TestProfile
Initialize-AWSDefaults -ProfileName TestProfile -Region us-east-1
$mfa = "arn:aws:iam::$accountID:mfa/testUser"
$roleArn = "arn:aws:iam::$accountID:role/download-for-signing"
$sessionName = "session_name"
$role = Use-STSRole -RoleArn $roleArn -RoleSessionName $sessionName -DurationInSeconds 900 -ExternalId testUser -SerialNumber $mfa -TokenCode $mfaVal -StoredCredentials TestProfile
$tempAccessKey = $role.Credentials.AccessKeyId
$tempSecretKey = $role.Credentials.SecretAccessKey
$client=[Amazon.AWSClientFactory]::CreateAmazonS3Client($tempAccessKey,$tempSecretKey)
$client.ListBuckets()
Clear-AWSCredentials -StoredCredentials TestProfile
获取异常如:
"Exception calling "ListBuckets" with "0" argument(s): "The AWS Access Key Id you provided does not exist in our records." At C:\Users\Desktop\Get_s3_bucket_objects.ps1:91 char:20 + $client.ListBuckets <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
我在 R 中使用 aws.s3 包时遇到了类似的错误。当我从 AWS 复制访问密钥 ID 和密钥并将它们粘贴到我的代码中时,我发现我正在拾取额外的非文本字符你会在这些行中。
$secretKey =$ini[$profile]["secret"]
$accessKey =$ini[$profile]["key"]
我重新输入了第一个和最后几个字母和引号,一切顺利。
我想先创建临时凭据,然后为该用户担任角色。使用该临时凭证,我想访问 s3 存储桶以对其执行一些操作。但是当我尝试使用临时 accessKey 和 secretKey 访问存储桶时,我们的记录中不存在像 AWS 访问密钥 ID 这样的抛出异常。 请帮我解决。
P.S : 我是 powershell 的新手(使用 v2.0)。
param([String]$profile , [string]$mfaVal)
function Get-IniContent ($filePath)
{
$ini = @{}
switch -regex -file $FilePath
{
“^\[(.+)\]” # Section
{
$section = $matches[1]
$ini[$section] = @{}
$CommentCount = 0
}
“^(;.*)$” # Comment
{
$value = $matches[1]
$CommentCount = $CommentCount + 1
$name = “Comment” + $CommentCount
# $ini[$section][$name] = $value
}
“(.+?)\s*=(.*)” # Key
{
$name,$value = $matches[1..2]
$ini[$section][$name] = $value
}
}
return $ini
}
Add-Type -Path "C:\Program Files (x86)\AWS SDK for .NET\past-releases\Version-1\AWSSDK.dll"
Write-Host $psboundparameters.count
if ($psboundparameters.count -lt 2){
echo "\r\nWrong parameter values. Please see the usage below. \n\r
Usage: Get_s3_bucket_objects.ps1 [profile name (test | preprod | prod)] [MFA code]\r\n\r\n";
exit;
}
$ini = Get-IniContent “C:\Users\Desktop\config.ini”
$bucket = $ini[$profile]["bucketName"]
$accountID = $ini[$profile]["accountID"]
$encKey = $ini[$profile]["encKey"]
$userName =$ini[$profile]["userName"]
$secretKey =$ini[$profile]["secret"]
$accessKey =$ini[$profile]["key"]
Set-AWSCredentials -AccessKey AAHSAI2ER4FDQ -SecretKey BaxkYl9eR/0X9SJTmIy/sajdfgav -StoreAs TestProfile
Initialize-AWSDefaults -ProfileName TestProfile -Region us-east-1
$mfa = "arn:aws:iam::$accountID:mfa/testUser"
$roleArn = "arn:aws:iam::$accountID:role/download-for-signing"
$sessionName = "session_name"
$role = Use-STSRole -RoleArn $roleArn -RoleSessionName $sessionName -DurationInSeconds 900 -ExternalId testUser -SerialNumber $mfa -TokenCode $mfaVal -StoredCredentials TestProfile
$tempAccessKey = $role.Credentials.AccessKeyId
$tempSecretKey = $role.Credentials.SecretAccessKey
$client=[Amazon.AWSClientFactory]::CreateAmazonS3Client($tempAccessKey,$tempSecretKey)
$client.ListBuckets()
Clear-AWSCredentials -StoredCredentials TestProfile
获取异常如:
"Exception calling "ListBuckets" with "0" argument(s): "The AWS Access Key Id you provided does not exist in our records." At C:\Users\Desktop\Get_s3_bucket_objects.ps1:91 char:20 + $client.ListBuckets <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
我在 R 中使用 aws.s3 包时遇到了类似的错误。当我从 AWS 复制访问密钥 ID 和密钥并将它们粘贴到我的代码中时,我发现我正在拾取额外的非文本字符你会在这些行中。
$secretKey =$ini[$profile]["secret"]
$accessKey =$ini[$profile]["key"]
我重新输入了第一个和最后几个字母和引号,一切顺利。