Amazon web services lambda假定角色为空结果
我正在尝试使用帐户A中的Lambda从帐户B获取EC2实例。不确定我缺少了什么 帐户A:Lambda代码正在运行。 帐户B:EC2实例正在运行。 下面假设角色打印访问密钥和会话令牌ID,但不返回任何结果 帐户B中的IAM角色已附加AmazonEC2ReadOnlyAccess策略,并且信任关系具有arn:aws:IAM::帐户A:role/role-name\u帐户A 代码如下:Amazon web services lambda假定角色为空结果,amazon-web-services,amazon-ec2,aws-lambda,assume-role,Amazon Web Services,Amazon Ec2,Aws Lambda,Assume Role,我正在尝试使用帐户A中的Lambda从帐户B获取EC2实例。不确定我缺少了什么 帐户A:Lambda代码正在运行。 帐户B:EC2实例正在运行。 下面假设角色打印访问密钥和会话令牌ID,但不返回任何结果 帐户B中的IAM角色已附加AmazonEC2ReadOnlyAccess策略,并且信任关系具有arn:aws:IAM::帐户A:role/role-name\u帐户A 代码如下: import json import boto3 from collections import OrderedDi
import json
import boto3
from collections import OrderedDict
from pprint import pprint
import time
from time import sleep
from datetime import date
import datetime
def lambda_handler(event, context):
# Assume Role To connect to other Account
sts_connection = boto3.client('sts')
acct_b = sts_connection.assume_role(
RoleArn="arn:aws:iam::ACCOUNT_B:role/role_name_account_B",
RoleSessionName="cross_acct_lambda"
)
ACCESS_KEY = acct_b['Credentials']['AccessKeyId']
SECRET_KEY = acct_b['Credentials']['SecretAccessKey']
SESSION_TOKEN = acct_b['Credentials']['SessionToken']
# create service client using the assumed role credentials, e.g. S3
ec2 = boto3.client(
"ec2",
aws_access_key_id=ACCESS_KEY,
aws_secret_access_key=SECRET_KEY,
aws_session_token=SESSION_TOKEN,
)
status = ec2.describe_instance_status()
pprint(status)
return {
'statusCode': 200,
'body': json.dumps('Hello from Lambda!')
}
Response:
{
"statusCode": 200,
"body": "\"Hello from Lambda!\""
}
Response:
{
"statusCode": 200,
"body": "\"Hello from Lambda!\""
}
Request ID:
"ZZZZZZZZZZZZZZZZZZZZ"
Response:
{
"statusCode": 200,
"body": "\"Hello from Lambda!\""
}
Response:
{
"statusCode": 200,
"body": "\"Hello from Lambda!\""
}
Request ID:
"ZZZZZZZZZZZZZZZZZZZZ"
START RequestId: ZZZZZZZZZZZZZZZZZZ Version: $LATEST
{'InstanceStatuses': [],
谢谢。一旦我添加了可以看到结果的区域,感谢John Rotenstein和Jarmod的指导。代码>{'InstanceStatus':[],行来自
描述实例状态()aws ec2描述实例状态