通过amazon S3 sdk for javascript访问IAM角色和图像
我正在为s3 bucket使用IAM角色。我想在不使用任何密钥和访问密钥的情况下访问s3中的图像。我正在使用aws s3 javascript sdk 您将需要设置STS并承担获取访问AWS服务的临时凭据的角色通过amazon S3 sdk for javascript访问IAM角色和图像,javascript,amazon-web-services,amazon-s3,Javascript,Amazon Web Services,Amazon S3,我正在为s3 bucket使用IAM角色。我想在不使用任何密钥和访问密钥的情况下访问s3中的图像。我正在使用aws s3 javascript sdk 您将需要设置STS并承担获取访问AWS服务的临时凭据的角色 /* */ var params = { DurationSeconds: 3600, RoleArn: "arn:aws:iam::123456789012:role/demo", RoleSessionName: "Bob" }; sts.assumeRol
/* */
var params = {
DurationSeconds: 3600,
RoleArn: "arn:aws:iam::123456789012:role/demo",
RoleSessionName: "Bob"
};
sts.assumeRole(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
/*
data = {
AssumedRoleUser: {
Arn: "arn:aws:sts::123456789012:assumed-role/demo/Bob",
AssumedRoleId: "ARO123EXAMPLE123:Bob"
},
Credentials: {
AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
Expiration: <Date Representation>,
SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
SessionToken: "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
},
PackedPolicySize: 6
}
*/
});
/**/
变量参数={
持续时间秒:3600,
RoleArn:“arn:aws:iam::123456789012:角色/演示”,
RoleSessionName:“鲍勃”
};
sts.assumeRole(参数、函数(错误、数据){
if(err)console.log(err,err.stack);//发生错误
else console.log(数据);//响应成功
/*
数据={
助理署长:{
Arn:“Arn:aws:sts::123456789012:担任角色/演示/鲍勃”,
假设Droleid:“大约123例123:Bob”
},
证书:{
AccessKeyId:“AKIAIOSFODNN7EXAMPLE”,
有效期:,
SecretAccessKey:“wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY”,
SessionToken:7.4.4.HZZZTWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWVVVVVVVV75-WWWWWWWWWWW7-7-VVVVVV7-7-7-7-7-7-7-7-H7-H7-H7-H7-F7-7-8-8-8-8-8-8-8-8-7-7-8-7-8-8-7-8-8-8-8-8-7-8-8-8-8-8-8-8-8-8-8-8-8-8-8-8-8 WJ2ICCR/oLxBA==”
},
包装策略大小:6
}
*/
});
谢谢strongjz,我一定会试试。也可以使用cognito身份池ID访问我是角色s3图像做同样的事情吗?我没有与cognito合作过很多,但读过相关文章,似乎是这样