Re: [ceph-users] Could someone can help me to solve this problem about ceph-STS(secure token session)

Mon, 20 May 2019 08:11:00 -0700 

Hello Yuan,

While creating the role, can you try setting the Principal to the user you
want the role to be assumed by, and the Action to - sts:AssumeRole, like
below:

policy_document =
"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam:::user/TESTER1\"]},\"Action\":[\"sts:AssumeRole\"]}]}"

Also, can you search for 'AssumeRole' in radosgw logs, and attach the
snippet here.

Thanks,
Pritha

On Mon, May 20, 2019 at 2:36 PM Yuan Minghui <yuankylek...@gmail.com> wrote:

>
>
> Hello everyone:
>
>        When I use the method :” assume_role”, like this:
>
>         sts_client = boto3.client('sts',
>                 aws_access_key_id=access_key,
>                 aws_secret_access_key=secret_key,
>                 endpoint_url=host,
>                 )
> response = sts_client.assume_role(RoleArn='arn:aws:iam:::role/AccessRole1', 
> RoleSessionName="ymh_bucketAccess")
>
>
>
> I create a role in terminal:
>
>
>
> [image: cid:image001.png@01D50F28.B58728A0]
>
> I return that :
>
>
>
> Traceback (most recent call last):
>
>   File "/Users/yuanminghui/PycharmProjects/myproject1/10-sts-demo.py",
> line 64, in test1
>
>     response =
> sts_client.assume_role(RoleArn='arn:aws:iam:::role/AccessRole1',
> RoleSessionName="ymh_bucketAccess")
>
>   File
> "/Users/yuanminghui/PycharmProjects/myproject1/venv/lib/python3.7/site-packages/botocore/client.py",
> line 357, in _api_call
>
>     return self._make_api_call(operation_name, kwargs)
>
>   File
> "/Users/yuanminghui/PycharmProjects/myproject1/venv/lib/python3.7/site-packages/botocore/client.py",
> line 661, in _make_api_call
>
>     raise error_class(parsed_response, operation_name)
>
> botocore.exceptions.ClientError: An error occurred (Unknown) when calling
> the AssumeRole operation: Unknown
>
>
>
>
>
> I really do not know whats wrong with this? Is there someone can help?
> Thanks a lot.
>
> best wishes!
>
>
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>

_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to