Scenario: I create an app on Amazon, and use Login with Amazon, which returns an "access_token". Then I run:
AWS.config.credentials = new AWS.WebIdentityCredentials({
RoleArn: 'arn:aws:iam::416942672???:role/???_amazon_role',
ProviderId: 'www.amazon.com',
WebIdentityToken:"?????????"
});
AWS.config.region = 'us-west-2';
dynamodb = new AWS.DynamoDB();
dynamodb.listTables({}, function a(error,data){
alert( "error: " + JSON.stringify(error) );
alert( JSON.stringify(data) );
});
When I later run the ListTable function it will return:
error: {"message":"Missing credentials in config","code":"SigningError","name":"SigningError","statusCode":403,"retryable":false}
I found it seems that I have to call AssumeRoleWithWebIdentity. But how can I call it in AWS SDK for JavaScript? Or is there any other process I missed?
The process of Getting Temporary Credentials indeed requires a call to AssumeRoleWithWebIdentity - this low-level API call is implied in the higher-level AWS SDK for JavaScript credentials provider call new AWS.WebIdentityCredentials() though, see e.g. Class: AWS.WebIdentityCredentials:
Represents credentials retrieved from STS Web Identity Federation support.
By default this provider gets credentials using the AWS.STS.assumeRoleWithWebIdentity() service operation. This operation requires a RoleArn containing the ARN of the IAM trust policy for the application for which credentials will be given. In addition, the WebIdentityToken must be set to the token provided by the identity provider. See constructor() for an example on creating a credentials object with proper RoleArn and WebIdentityToken values.
Given the error message "Missing credentials in config", you are obviously passing an incorrect WebIdentityToken, which isn't a surprise given you just specified some ????????? placeholders ;) - since you already use Login with Amazon, which returns an access_token, you'll just need to pass the content of that ACCESS_TOKEN instead of those ????????? placeholders as value for WebIdentityToken and should be all set.
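Added example, not part of the original question or answer: a small wrapper for the AWS SDK for JavaScript (v2) that rejects a missing or placeholder token, forces the implicit AssumeRoleWithWebIdentity exchange with `get()`, and only installs the credentials on `AWS.config` once that exchange has succeeded. The function name `useLoginWithAmazonCredentials` and the `AWS` parameter (the SDK object passed in by the caller) are assumptions made for this example.

```javascript
// Added example. `AWS` is the aws-sdk v2 object (browser global or
// require('aws-sdk')), passed in by the caller. `accessToken` is the
// access_token returned by Login with Amazon.
function useLoginWithAmazonCredentials(AWS, roleArn, accessToken, done) {
  // Fail early on the condition described above: an empty token or a
  // '?????????' placeholder can never be exchanged for credentials.
  if (typeof accessToken !== 'string' ||
      accessToken.trim() === '' ||
      /^\?+$/.test(accessToken.trim())) {
    return done(new Error(
      'WebIdentityToken must be the access_token returned by Login with Amazon'));
  }

  var creds = new AWS.WebIdentityCredentials({
    RoleArn: roleArn,
    ProviderId: 'www.amazon.com',
    WebIdentityToken: accessToken
  });

  // get() performs the AssumeRoleWithWebIdentity call now, so a rejected
  // token or role is reported here instead of on the first service call.
  creds.get(function (err) {
    if (err) {
      // Do not install unusable credentials, and do not log the token.
      return done(err);
    }
    AWS.config.credentials = creds;
    done(null, creds);
  });
}
```

Call it with the role ARN and the token from the Login with Amazon response, and create the `AWS.DynamoDB` client inside the `done` callback once no error is reported.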