1. 首页
  2. 问答
  3. Powershell:使用临时凭证访问AWS s3存储桶

Powershell:使用临时凭证访问AWS s3存储桶

2016-07-27 147 views
1

我想先创建临时凭证,然后为该用户承担角色。使用该临时凭证,我想访问s3存储桶以对其执行一些操作。但是,当我尝试使用临时accessKey和secretKey访问存储区时,它的抛出执行选项(如AWS访问密钥ID)在我们的记录中不存在。 请帮我解决。Powershell:使用临时凭证访问AWS s3存储桶

P.S:我刚刚接触powershell(使用v2.0)。

param([String]$profile , [string]$mfaVal) 

function Get-IniContent ($filePath) 
{ 
    $ini = @{} 
    switch -regex -file $FilePath 
    { 
    “^\[(.+)\]” # Section 
     { 
      $section = $matches[1] 
      $ini[$section] = @{} 
      $CommentCount = 0 
     } 
    “^(;.*)$” # Comment 
     { 
      $value = $matches[1] 
      $CommentCount = $CommentCount + 1 
      $name = “Comment” + $CommentCount 
     # $ini[$section][$name] = $value 
     } 
    “(.+?)\s*=(.*)” # Key 
     { 
      $name,$value = $matches[1..2] 
      $ini[$section][$name] = $value 
     } 
    } 
    return $ini 
} 

Add-Type -Path "C:\Program Files (x86)\AWS SDK for .NET\past-releases\Version-1\AWSSDK.dll" 

Write-Host $psboundparameters.count 

if ($psboundparameters.count -lt 2){ 
    echo "\r\nWrong parameter values. Please see the usage below. \n\r 
    Usage: Get_s3_bucket_objects.ps1 [profile name (test | preprod | prod)] [MFA code]\r\n\r\n"; 
    exit; 
} 

$ini = Get-IniContent “C:\Users\Desktop\config.ini” 

$bucket = $ini[$profile]["bucketName"] 
$accountID = $ini[$profile]["accountID"] 
$encKey = $ini[$profile]["encKey"] 
$userName =$ini[$profile]["userName"] 
$secretKey =$ini[$profile]["secret"] 
$accessKey =$ini[$profile]["key"] 

Set-AWSCredentials -AccessKey AAHSAI2ER4FDQ -SecretKey BaxkYl9eR/0X9SJTmIy/sajdfgav -StoreAs TestProfile 

Initialize-AWSDefaults -ProfileName TestProfile -Region us-east-1 

$mfa = "arn:aws:iam::$accountID:mfa/testUser" 
$roleArn = "arn:aws:iam::$accountID:role/download-for-signing" 
$sessionName = "session_name" 

$role = Use-STSRole -RoleArn $roleArn -RoleSessionName $sessionName -DurationInSeconds 900 -ExternalId testUser -SerialNumber $mfa -TokenCode $mfaVal -StoredCredentials TestProfile 

$tempAccessKey = $role.Credentials.AccessKeyId 
$tempSecretKey = $role.Credentials.SecretAccessKey 

$client=[Amazon.AWSClientFactory]::CreateAmazonS3Client($tempAccessKey,$tempSecretKey) 
$client.ListBuckets() 

Clear-AWSCredentials -StoredCredentials TestProfile

获取异常,如:

"Exception calling "ListBuckets" with "0" argument(s): "The AWS Access Key Id you provided does not exist in our records." At C:\Users\Desktop\Get_s3_bucket_objects.ps1:91 char:20 + $client.ListBuckets <<<<() 
+ CategoryInfo   : NotSpecified: (:) [], MethodInvocationException 
+ FullyQualifiedErrorId : DotNetMethodException

来源

2016-07-27 Sharat Patil

回答

0

我用aws.s3包得到一个类似的错误在R.我发现我是捡了额外的非文本字符,当我复制的快捷键ID和秘密密钥,并将它们粘贴到我的代码中,在这些行中。

$secretKey =$ini[$profile]["secret"] 
$accessKey =$ini[$profile]["key"]

我重新输入了第一个和最后几个字母和引号,很好去。

来源

2016-11-10 10:42:42 schalls

相关问题

 相关问题