leejo / AWS-S3

Lightweight interface to Amazon S3 (Simple Storage Service)

S3 with temporary credentials from lambda #18

Open togro opened 1 year ago

togro commented 1 year ago

Hello,

I am experiencing an issue with AWS Lambda and S3. When I use fixed IAM credentials within a Lambda function, I can successfully retrieve a file from S3.

However, when I switch to using the credentials provided in the Lambda execution environment, I receive an HTTP/1.1 403 Forbidden error.

I am wondering if there might be a way to add a header, specifically 'X-Amz-Security-Token', or if there's a specific parameter for the token that I may be missing.

I would greatly appreciate any assistance you could provide.

Best Regards

leejo commented 1 year ago

Hey! I'm currently away - I'll try to have a look when I'm back sometime next week. If you could provide any example code/test cases that would help a lot.

Thanks!

togro commented 1 year ago

I fixed it temporarily with another module, but I need to fix the same with ECS; some of our software doesn't have temporary credentials and is similar to Lambda. As you can see, this module accepts a session token:

$s3 = Amazon::S3::Thin->new(
    {
        aws_access_key_id     => $ENV{'AWS_ACCESS_KEY_ID'},
        aws_secret_access_key => $ENV{'AWS_SECRET_ACCESS_KEY'},
        aws_session_token     => $ENV{'AWS_SESSION_TOKEN'},
        region                => 'us-east-1'
    }
);   

And it works fine with the token, and the role has 1 hour temporary credentials.

I hope that you can add session token support.

Regards and thanks

leejo commented 1 year ago

Hey! Thanks for investigating - if you can look at patching the dist to support this I'm happy to accept a PR, I probably won't have time to look myself for a few weeks at the earliest.

Thanks, Lee.

togro commented 1 year ago

Sorry, I'm not familiar with Moose, but the other module only adds this:

$request->header('X-Amz-Security-Token', $self->{credentials}->session_token);

On https://metacpan.org/module/AWS::Signature4 it is the same.

ref: https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html

If you make a release, I can test from the repository.
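How a session token enters a Signature Version 4 signed S3 GET, as an added example that is not code from AWS::S3, Amazon::S3::Thin or anyone in this thread. The helper `sign_s3_get`, its parameter names and all sample values are hypothetical or constructed; it assumes an already URI-encoded path and no query string.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex hmac_sha256 hmac_sha256_hex);
use POSIX qw(strftime);

# Hypothetical helper (not part of AWS::S3): SigV4 headers for an S3 GET.
# Assumes $p{path} is already URI-encoded and there is no query string.
sub sign_s3_get {
    my (%p) = @_;
    my $amz_date = strftime('%Y%m%dT%H%M%SZ', gmtime($p{time} // time));
    my $date     = substr($amz_date, 0, 8);
    my $payload  = sha256_hex('');    # a GET carries an empty body

    my %h = (
        'host'                 => $p{host},
        'x-amz-content-sha256' => $payload,
        'x-amz-date'           => $amz_date,
    );
    # Temporary credentials (Lambda, ECS task role): send the session token
    # and include it in the signed headers.
    $h{'x-amz-security-token'} = $p{session_token}
        if defined $p{session_token} && length $p{session_token};

    my @names     = sort keys %h;
    my $signed    = join ';', @names;
    my $canonical = join "\n", 'GET', $p{path}, '',
        join('', map {; $_ . ':' . $h{$_} . "\n" } @names), $signed, $payload;

    my $scope   = "$date/$p{region}/s3/aws4_request";
    my $to_sign = join "\n", 'AWS4-HMAC-SHA256', $amz_date, $scope,
        sha256_hex($canonical);

    # Signing key: HMAC chain over date, region, service, terminator.
    my $key = "AWS4$p{secret_key}";
    $key = hmac_sha256($_, $key) for $date, $p{region}, 's3', 'aws4_request';

    $h{authorization} = "AWS4-HMAC-SHA256 Credential=$p{access_key}/$scope, "
        . "SignedHeaders=$signed, Signature=" . hmac_sha256_hex($to_sign, $key);
    return \%h;
}

# Constructed sample values; in Lambda the real ones come from the
# AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN variables.
my %req = (
    access_key => 'ASIAEXAMPLEKEYID0000', secret_key => 'constructed-secret',
    region     => 'us-east-1', host => 'example-bucket.s3.amazonaws.com',
    path       => '/report.txt', time => 1700000000,
);
for my $token (undef, 'constructed-session-token') {
    my $h = sign_s3_get(%req, session_token => $token);
    printf "%-8s %s\n", defined $token ? 'token' : 'no token', $h->{authorization};
}
```

The two printed Authorization values differ in both SignedHeaders and Signature, which shows that the token is part of what gets signed rather than a header bolted on afterwards.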

leejo commented 1 year ago

OK. I'll try to have a look some time soon; however, I am busy at the moment and then away for 3 weeks, so it will be a couple of months at the earliest before I can get something out.