pplu / aws-sdk-perl

A community AWS SDK for Perl Programmers

Underlying permission to call "Assume Role"? #223

Open gregorytasonis opened 6 years ago

gregorytasonis commented 6 years ago

I'm a bit confused on how to use the "Paws::Credential::AssumeRole" constructor. Where do you specify the permissions for the underlying IAM object allowed to assume the role in question? USER_1 in account 1 can assume the "DEVELOPER" role in account 2. I create a $paws object with the permissions of USER_1. What does the AssumeRole constructor look like?

pplu commented 6 years ago

Hi,

Does this help? https://github.com/pplu/aws-sdk-perl/blob/master/examples/cross_account.pl

BTW: the credentials used to call the AssumeRole are the ones you would load by default in Paws (environment, aws credentials file, metadata service, etc).

Skeeve commented 3 years ago

I do not get how to take "AssumeRole" data from ~/.aws/config.

For the aws CLI I have credentials in ~/.aws/credentials and AssumeRole data in ~/.aws/config.

But I only succeed in letting my script use the credentials. AssumeRole data I have to provide in my script like so:

```perl
use Paws;
use Paws::Credential::AssumeRole;

my %AssumeRole = (
    RoleSessionName => 'some_name',
    RoleArn         => 'arn:aws:iam::NUMBER:role/RoleName',
    ExternalId      => 'some-uuid-string',
);

my $s3 =
    Paws
    ->new( config => {
        credentials => Paws::Credential::AssumeRole->new( %AssumeRole ),
    })
    ->service('S3',
        region => 'us-east-1',
    )
;

use Data::Dumper;
print Dumper $s3->ListObjectsV2(
    Bucket => 'theBucket',
    Prefix => 'thePrefix',
);
```

Is there any way I can use the ~/.aws/config file?

pplu commented 3 years ago

Paws traditionally hasn't parsed the ~/.aws/config file, since that is a file for the AWS CLI, and not the AWS SDK. Last time I looked that was the behaviour of botocore.

Building a credential provider on top of the assumerole provider that gets the config for assuming a role from the config file would be a nice thing to have in Paws, or a separate CPAN distro.

@jjatria built a config parser that understands the config file: https://metacpan.org/release/AWS-CLI-Config.

Hope it helps!
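A sketch of the approach suggested in the comment above, added as an example and not code from Paws or from anyone in this thread: it reads a role profile in the `~/.aws/config` format and turns it into the constructor arguments shown in the earlier script. The helper names `parse_aws_config` and `assume_role_args`, the fallback session name and the embedded sample config are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed sample in the ~/.aws/config format (placeholder account and ExternalId).
my $SAMPLE_CONFIG = <<'INI';
[default]
region = us-east-1

[profile developer]
role_arn = arn:aws:iam::NUMBER:role/RoleName
source_profile = default
external_id = some-uuid-string
role_session_name = some_name
INI

# Hypothetical helper: parse INI text into { profile_name => { key => value } }.
sub parse_aws_config {
    my ($text) = @_;
    my (%profiles, $current);
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(?:[#;].*)?$/;    # blank line or comment
        if ($line =~ /^\[\s*(?:profile\s+)?([^\]]+?)\s*\]\s*$/) {
            $current = $1;                      # "[default]" or "[profile name]"
        }
        elsif (defined $current && $line =~ /^([^\s=]+)\s*=\s*(.*?)\s*$/) {
            $profiles{$current}{$1} = $2;       # indented sub-settings are skipped
        }
    }
    return \%profiles;
}

# Hypothetical helper: map profile keys to the constructor arguments used in this thread.
# source_profile is not followed; the caller's default credential chain makes the call.
sub assume_role_args {
    my ($profiles, $name) = @_;
    my $p = $profiles->{$name} or die "profile '$name' not found\n";
    die "profile '$name' has no role_arn\n" unless $p->{role_arn};
    my %args = (
        RoleArn         => $p->{role_arn},
        RoleSessionName => $p->{role_session_name} // "paws-$$",   # assumed fallback
    );
    $args{ExternalId} = $p->{external_id} if defined $p->{external_id};
    return %args;
}

my %AssumeRole = assume_role_args(parse_aws_config($SAMPLE_CONFIG), 'developer');
printf "%-16s %s\n", $_, $AssumeRole{$_} for sort keys %AssumeRole;
# Then, as in the script earlier in the thread:
#   Paws::Credential::AssumeRole->new(%AssumeRole)
```

Failing on a missing `role_arn` instead of falling back keeps a mistyped profile name from silently running with the base credentials.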

Skeeve commented 3 years ago

FTTB I will not attempt to implement it but keep the AssumeRole stuff in my code. I have almost no knowledge about AWS. I just have to consume files provided to me via S3. I just need to get it to work. So: Sorry. I don't feel able to help.

Regarding the distinction between CLI and SDK, I found this when checking out my options for Go: https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials

> SDK defaults to config file under .aws folder that is placed in the home folder on your computer.

jjatria commented 3 years ago

> @jjatria built a config parser that understands the config file

FWIW, https://metacpan.org/pod/Config::AWS is probably the one to use. AWS::CLI::Config was inherited by me, and my plan is to make it use the former under the hood.