问题
I am using aws toolkit for eclipse 2.0. using the options ( window -> preference -> aws toolkit) I have configured IAM/login user api access key id and secret access key. According to our aws configuration, this IAM user has to assume role to view/access any resources in our environment. I am doing it using aws cli with "–-profile " option. How to do the same thing in aws toolkit for eclipse ?
回答1:
Looks like I figured it out with help from an AWS expert. Basically you do 2 things:
- generate an AWS STS session token
- use the "session token" values in your IDE.
Example: aws sts assume-role --role-arn "value" --role-session-name "value" --duration-seconds "value"
put in the values generated for these in your eclipse IDE AWS profile:
AccessKeyId
SecretAccessKey
SessionToken
You can also use a SAML assertion by using this command on the AWS CLI
aws sts assume-role-with-saml --role-arn "value" --principal-arn "value" --saml-assertion "value"
Note: the max session length is defined by the role you're using.
回答2:
In order to switch the account you will need to to add the below to your credentials file:
[regular]
aws_access_key_id = xxxxxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxx
[dev]
source_profile = regular
role_arn = arn:aws:iam::123456789123:role/RoleName
Once you do that, using AWS Toolkit, you can select "dev" profile and that's it!
来源:https://stackoverflow.com/questions/51262113/assume-switch-role-in-aws-toolkit-for-eclipse-2-0