I am getting Access denied error while connecting to STS Assumed Role using Boto3


I am able to manually assume the role using the AWS console, but while assuming the role using boto3 I am getting an access denied error.

import boto3

# aws_src_role_arn holds the ARN of the role to assume (defined elsewhere)
sts_client = boto3.client('sts')
assumed_role = sts_client.assume_role(
    RoleArn=aws_src_role_arn,
    RoleSessionName='AssumeRoleSession')

I tried using Lambda and Python code as well, but I am facing the same issue in both.

1

There are 1 best solutions below

0
alexis-donoghue On

When you assume a role with a call to STS, you get the temporary credentials in response. You need to construct an additional client or resource using those credentials because the default client uses the original lambda's role credentials. Excerpt from AWS documentation with code examples:

response = sts_client.assume_role(
    RoleArn=assume_role_arn, RoleSessionName=session_name
)
temp_credentials = response["Credentials"]
print(f"Assumed role {assume_role_arn} and got temporary credentials.")

...

s3_resource = boto3.resource(
    "s3",
    aws_access_key_id=temp_credentials["AccessKeyId"],
    aws_secret_access_key=temp_credentials["SecretAccessKey"],
    aws_session_token=temp_credentials["SessionToken"],
)
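
An added example, not part of the answer above or of the AWS documentation it quotes: it maps the AssumeRole response to client keyword arguments and uses `get_caller_identity` to confirm that a client built from them really runs as the assumed role rather than as the original caller. `FakeSts`, `make_sts`, the account IDs and the role names are constructed for illustration so the block runs offline.

```python
def credential_kwargs(response):
    """Map an AssumeRole response to boto3 client/resource keyword arguments."""
    creds = response["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }

def is_session_of(identity_arn, role_arn):
    """True if a GetCallerIdentity ARN is a session of the role role_arn."""
    ident, role = identity_arn.split(":", 5), role_arn.split(":", 5)
    if len(ident) != 6 or len(role) != 6:
        return False
    # Session ARNs look like arn:aws:sts::<account>:assumed-role/<name>/<session>;
    # the role's path (if any) is not part of them, so compare the name only.
    kind, _, rest = ident[5].partition("/")
    role_name = role[5].rsplit("/", 1)[-1]
    return (ident[2] == "sts" and ident[4] == role[4]
            and kind == "assumed-role" and rest.split("/")[0] == role_name)

def assume_and_verify(sts_client, role_arn, session_name, make_sts):
    """Assume role_arn, then confirm a client built from the result runs as it."""
    response = sts_client.assume_role(RoleArn=role_arn, RoleSessionName=session_name)
    kwargs = credential_kwargs(response)
    arn = make_sts(**kwargs).get_caller_identity()["Arn"]
    if not is_session_of(arn, role_arn):
        raise RuntimeError(f"still running as {arn}, not {role_arn}")
    return kwargs  # pass on as boto3.client("s3", **kwargs) or boto3.resource(...)

class FakeSts:
    """Constructed stand-in for an STS client so the example runs offline."""
    def __init__(self, arn="arn:aws:sts::111122223333:assumed-role/lambda-exec/fn", **_):
        self.arn = arn
    def assume_role(self, RoleArn, RoleSessionName):
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE",
                                "SecretAccessKey": "constructed", "SessionToken": "constructed"}}
    def get_caller_identity(self):
        return {"Arn": self.arn}

ROLE = "arn:aws:iam::444455556666:role/app/reader"               # constructed
SESSION = "arn:aws:sts::444455556666:assumed-role/reader/demo"   # constructed

if __name__ == "__main__":
    # With boto3 installed: make_sts=lambda **kw: boto3.client("sts", **kw)
    print(assume_and_verify(FakeSts(), ROLE, "demo", lambda **kw: FakeSts(SESSION)))
```

If the check raises, the client was built without the temporary credentials and is still using the original role.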