How to use s3 accesskeyId and secretAccessKey for assuming a role with HTTP api


I have AWS account A and my customer has assigned me an IAM role to access their AWS account B S3 bucket. Here is the info I have: Account A: accessKeyId that starts with AKIA******** and SecretAccessKey. Account B: I am able to generate an accessKeyId that starts with ASIA****, a SecretAccessKey and a sessionToken.

I want to know how I can use this info to access the bucket of account B via the HTTP API; I cannot use the SDK.

I followed this for Signature calculation: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html

I am able to create an Authorization: header that works fine when I access account A with its keyId and secretKey, but I cannot access account B with the generated keyId (ASIA****) and SecretAccessKey. How do I use the sessionToken here? I didn't find a relevant document.

Here is the policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::##########:user/#####"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "ForAnyValue:StringEquals": {
                    "sts:ExternalId": "#########"
                }
            }
        }
    ]
}

Here is what I am using when creating the HTTP Authorization header.

Host: s3.us-east-2.amazonaws.com
x-amz-date: 20230516T212805Z
x-amz-content-sha256: ###################
Authorization: AWS4-HMAC-SHA256 Credential=ASIA##############/20230516/us-east-2/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=##############################

The Authorization header is created using the temporary keyId (ASIA****) and secretKey.

# Updated request after adding the X-Amz-Security-Token header

X-Amz-Content-Sha256: 44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f8b072
Host: s3.us-east-2.amazonaws.com
X-Amz-Security-Token: FwoGZXIvYXdzEDcaDCnx1E****************
X-Amz-Date: 20230517T214836Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIA######/20230517/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=368ceac########
Content-Type: text/plain
User-Agent: PostmanRuntime/7.32.2
Accept: */*
Postman-Token: 3114d46a-9ecb-4aa7-8824-4fbaf4b6d534
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 21

Response:

<Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message><Token-0>FwoGZXIv*******</Token-0

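As an added, stdlib-only Python example (not code from the question, and not an AWS SDK), here is the whole flow the question is after, done over plain HTTP: sign the STS AssumeRole Query API call with the long-term AKIA key (passing the ExternalId the trust policy above demands), pull the temporary credentials out of the XML reply, then sign the S3 GET with the ASIA key while carrying the session token in a signed X-Amz-Security-Token header, exactly as the updated request in the question does. The role ARN, bucket, object key, external ID and the sample AssumeRoleResponse are constructed placeholders; the signing steps follow the header-based SigV4 procedure on the AWS page linked above.

```python
"""Stdlib-only SigV4 walkthrough: AssumeRole via the STS Query API, then an
S3 GET with the temporary (ASIA...) key plus a signed X-Amz-Security-Token."""
import hashlib
import hmac
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

ALGO = "AWS4-HMAC-SHA256"
STS_NS = {"sts": "https://sts.amazonaws.com/doc/2011-06-15/"}


def amz_now() -> str:
    """Current UTC time in x-amz-date form, e.g. 20230517T214836Z."""
    return datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign_request(method, host, path, query, extra_headers, body, *, access_key,
                 secret_key, region, service, amz_date, session_token=None):
    """Return the full header dict for a SigV4 header-authenticated request.
    host, x-amz-date and x-amz-content-sha256 are always signed. With a
    temporary key the session token goes into x-amz-security-token AND into
    SignedHeaders; a missing, truncated or re-encoded token is what S3
    reports as InvalidToken."""
    payload_hash = hashlib.sha256(body).hexdigest()
    # Canonical headers: lowercase names, trimmed values, sorted by name.
    hdrs = {k.lower(): " ".join(v.split()) for k, v in extra_headers.items()}
    hdrs.update({"host": host, "x-amz-date": amz_date,
                 "x-amz-content-sha256": payload_hash})
    if session_token:
        hdrs["x-amz-security-token"] = session_token
    signed_headers = ";".join(sorted(hdrs))
    canonical_headers = "".join(f"{k}:{hdrs[k]}\n" for k in sorted(hdrs))
    q = urllib.parse.quote
    canonical_query = "&".join(f"{q(k, safe='-_.~')}={q(v, safe='-_.~')}"
                               for k, v in sorted(query.items()))
    canonical_request = "\n".join([method, q(path, safe="/-_.~"), canonical_query,
                                   canonical_headers, signed_headers, payload_hash])
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([ALGO, amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Signing key: HMAC chain over date, region, service and the terminator.
    k = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, service, "aws4_request"):
        k = _hmac(k, part)
    signature = hmac.new(k, string_to_sign.encode(), hashlib.sha256).hexdigest()
    hdrs["authorization"] = (f"{ALGO} Credential={access_key}/{scope}, "
                             f"SignedHeaders={signed_headers}, Signature={signature}")
    return hdrs


def build_assume_role(role_arn, external_id, session_name, *, access_key,
                      secret_key, region, amz_date):
    """Step 1: STS AssumeRole (Query API, form-encoded POST to https://{host}/)
    signed with account A's long-term AKIA key. ExternalId must match the
    trust policy's sts:ExternalId condition."""
    host = f"sts.{region}.amazonaws.com"
    body = urllib.parse.urlencode({
        "Action": "AssumeRole", "Version": "2011-06-15", "RoleArn": role_arn,
        "RoleSessionName": session_name, "ExternalId": external_id}).encode()
    headers = sign_request(
        "POST", host, "/", {},
        {"content-type": "application/x-www-form-urlencoded; charset=utf-8"},
        body, access_key=access_key, secret_key=secret_key, region=region,
        service="sts", amz_date=amz_date)
    return host, body, headers


def parse_assume_role_response(xml_text: str) -> dict:
    """Step 2: extract the Credentials block; whitespace is stripped so a
    pretty-printed or pasted token does not pick up stray newlines."""
    creds = ET.fromstring(xml_text).find(".//sts:Credentials", STS_NS)
    return {c.tag.split("}")[1]: c.text.strip() for c in creds}


def build_s3_get(bucket, key, creds, *, region, amz_date):
    """Step 3: path-style S3 GET signed with the temporary credentials."""
    host = f"s3.{region}.amazonaws.com"
    return host, sign_request(
        "GET", host, f"/{bucket}/{key}", {}, {}, b"",
        access_key=creds["AccessKeyId"], secret_key=creds["SecretAccessKey"],
        region=region, service="s3", amz_date=amz_date,
        session_token=creds["SessionToken"])


# Constructed sample AssumeRoleResponse (placeholder values, not real secrets).
SAMPLE_STS_RESPONSE = """<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <AssumeRoleResult><Credentials>
    <AccessKeyId>ASIAEXAMPLEEXAMPLE12</AccessKeyId>
    <SecretAccessKey>exampleTemporarySecret/Key+Example</SecretAccessKey>
    <SessionToken>
      FwoGZXIvYXdzEXAMPLEtokenBodyIsLongAndOpaque==
    </SessionToken>
    <Expiration>2023-05-17T22:48:36Z</Expiration>
  </Credentials></AssumeRoleResult></AssumeRoleResponse>"""
```

Usage: call build_assume_role(...) with amz_date=amz_now(), POST the returned body with the returned headers to https://sts.<region>.amazonaws.com/, feed the XML reply to parse_assume_role_response, then build_s3_get(...) with a fresh amz_now() and send the GET with every returned header verbatim. Two checks worth doing before blaming the signature: compare sign_request against the GET Object example on the AWS page linked in the question (same inputs must give the same Signature), and confirm the token you paste into X-Amz-Security-Token is byte-for-byte what STS returned, with no wrapping, trailing newline or URL-encoding, since the token is both sent and signed.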