python
import boto3
ACCESS_KEY_ID="xxxxxxxxxxxxx"
aws_secret_access_key = "xxxxxxxxxxxxx"
role_arn = 'arn:aws:iam::911111111111:role/xxxx-role'
session = boto3.Session(aws_access_key_id=ACCESS_KEY_ID,
aws_secret_access_key=SECRET_ACCESS_KEY,
region_name="us-east-1")
sts_client = session.client("sts")
#获取 IAM 用户的 temporary credentials
credentials = sts_client.assume_role(RoleArn=role_arn, RoleSessionName="a-session")
#使用 temporary credentials 创建一个 S3 client
s3_client = boto3.client("s3",
aws_access_key_id=credentials['Credentials']["AccessKeyId"],
aws_secret_access_key=credentials['Credentials'] ["SecretAccessKey"],
aws_session_token=credentials['Credentials']["SessionToken"])
s3_client.upload_file("filefullpath", "bucket-name-not-arn", "object_key")
一段示例代码,如何用Python boto3先使用某个IAM User的AK SK登陆sts。
然后继承某个IAM Role。
最后执行某个具体操作,比如代码中的 上传文件到S3 bucket。