Hello Yuan, While creating the role, can you try setting the Principal to the user you want the role to be assumed by, and the Action to - sts:AssumeRole, like below:
policy_document = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam:::user/TESTER1\"]},\"Action\":[\"sts:AssumeRole\"]}]}" Also, can you search for 'AssumeRole' in radosgw logs, and attach the snippet here. Thanks, Pritha On Mon, May 20, 2019 at 2:36 PM Yuan Minghui <yuankylek...@gmail.com> wrote: > > > Hello everyone: > > When I use the method :” assume_role”, like this: > > sts_client = boto3.client('sts', > aws_access_key_id=access_key, > aws_secret_access_key=secret_key, > endpoint_url=host, > ) > response = sts_client.assume_role(RoleArn='arn:aws:iam:::role/AccessRole1', > RoleSessionName="ymh_bucketAccess") > > > > I create a role in terminal: > > > > [image: cid:image001.png@01D50F28.B58728A0] > > I return that : > > > > Traceback (most recent call last): > > File "/Users/yuanminghui/PycharmProjects/myproject1/10-sts-demo.py", > line 64, in test1 > > response = > sts_client.assume_role(RoleArn='arn:aws:iam:::role/AccessRole1', > RoleSessionName="ymh_bucketAccess") > > File > "/Users/yuanminghui/PycharmProjects/myproject1/venv/lib/python3.7/site-packages/botocore/client.py", > line 357, in _api_call > > return self._make_api_call(operation_name, kwargs) > > File > "/Users/yuanminghui/PycharmProjects/myproject1/venv/lib/python3.7/site-packages/botocore/client.py", > line 661, in _make_api_call > > raise error_class(parsed_response, operation_name) > > botocore.exceptions.ClientError: An error occurred (Unknown) when calling > the AssumeRole operation: Unknown > > > > > > I really do not know whats wrong with this? Is there someone can help? > Thanks a lot. > > best wishes! > > > > > _______________________________________________ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com