· 8 years ago · Jan 30, 2018, 07:38 AM
1# setup AWS Connection details
2awsSession = boto3.Session(profile_name="opsdev")
3
4def getInfoFromDynamoDB(service):
5 client = awsSession.client('kms')
6 dynamodb = awsSession.resource('dynamodb')
7 table = dynamodb.Table('app_info')
8
9 response = table.get_item(
10 Key={
11 # here is where the eroor comes out as "Unable to locate credentials"
12 "service": str(service)
13 }
14)
15
16MongodbInfo = getInfoFromDynamoDB('Mongodb')
17
18[default]
19aws_access_key_id = xxxxxxxxxxxxxxxxQQ
20aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxGf
21
22[profile opsdev]
23output = json
24role_arn = arn:aws:iam::123456789123:role/DEV
25mfa_serial = arn:aws:iam::123456789123:mfa/abc@def.com
26source_profile = default
27region = us-east-1
28
29[default]
30aws_access_key_id = xxxxxxxxxxxxxxxxQQ
31aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxGf
32[opsdev]
33role_arn = arn:aws:iam::123456789123:role/DEV
34mfa_serial = arn:aws:iam::123456789123:mfa/abc@def.com
35source_profile = default
36region = us-east-1
37
38aws --profile=role s3 ls --debug
39
40$ aws sts assume-role --role-arn arn:aws:iam::709957318545:role/DEV_OperationsDevelopers --role-session-name testAssumeRole
41
42An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::123456789123:assumed-role/DEV/AWS-CLI-session-987654321987 is not authoried to perform: sts:AssumeRole on resource:arn:aws:iam::123456789123:role/DEV
43
44$ aws configure list
45Name Value Type Location
46---- ----- ---- --------
47profile opsdev manual --profile
48access_key ****************xxIQ assume-role
49secret_key ****************xxf0 assume-role
50region us-east-1 config-file ~/.aws/config
51
52$ aws sts get-caller-identity --profile opsdev
53Enter MFA code:
54{
55"Account": "123456789123",
56"UserId": "xxxxxxxxxxxxxxxxxxxxxxxx:AWS-CLI-session-987654321",
57"Arn": "arn:aws:sts::123456789123:assumed-role/DEV/AWS-CLI-session-987654321"}