Question
I'm running an app on an EC2 using a role with the permissions:
"sts:GetSessionToken",
"sts:AssumeRole"
When I try to obtain temporary credentials using that role, I get the error:
Cannot call GetSessionToken with session credentials (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied;
Am I missing one or more permissions for the role to be able to obtain temporary session credentials?
Answer 1:
According to AWS support, roles cannot request temporary credentials. Only actual Users can do that.
A workaround is to use the role's credentials. They get rolled over every hour, so they are temporary (albeit hard-coded to 1 hour TTL).
Source: https://stackoverflow.com/questions/35873012/error-when-ec2-running-as-a-role-tries-to-get-a-session-token-in-aws
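Added example, not part of the original question or answer: the role credentials the answer refers to reach the instance as a JSON document carrying a session token and an expiry time. This Python code parses a constructed sample of that document, identifies it as a session credential (the kind the error message says cannot call GetSessionToken), and decides when it should be re-read; the function names and all sample values are assumptions.

```python
import json
from datetime import datetime, timezone, timedelta

# Constructed sample of the JSON document the instance metadata service
# returns for a role; every value is a placeholder, not a real credential.
SAMPLE_DOC = json.dumps({
    "Code": "Success",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret",
    "Token": "constructed-session-token",
    "Expiration": "2016-03-08T17:00:00Z",
})

def parse_role_credentials(doc):
    """Return the credential fields plus a timezone-aware expiry."""
    data = json.loads(doc)
    if data.get("Code") != "Success":
        raise ValueError("metadata service did not return credentials")
    expiry = datetime.strptime(data["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "access_key": data["AccessKeyId"],
        "secret_key": data["SecretAccessKey"],
        "session_token": data.get("Token"),  # absent for long-term user keys
        "expires_at": expiry.replace(tzinfo=timezone.utc),
    }

def is_session_credential(creds):
    """Credentials that carry a token are session credentials, which is
    what the 'Cannot call GetSessionToken with session credentials'
    error refers to."""
    return bool(creds["session_token"])

def needs_refresh(creds, now, margin=timedelta(minutes=5)):
    """True when the credentials expire within `margin` and should be
    re-read from the metadata service instead of cached any longer."""
    return creds["expires_at"] - now <= margin

if __name__ == "__main__":
    creds = parse_role_credentials(SAMPLE_DOC)
    print("session credential:", is_session_credential(creds))
    print("expires at:", creds["expires_at"].isoformat())
```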