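I'm writing a PowerShell script that needs to access an AWS S3 bucket through Cognito using an unauthenticated role, but I'm having trouble finding much documentation. All the AWS PowerShell SDK documentation I can find discusses how to store an AccessKey and SecretKey, but never how to obtain those credentials through Cognito when you are not using a user pool.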
There may be other ways to do this with PowerShell (I haven't found one yet), but you can use AWS's REST API to obtain temporary credentials through Cognito. The following PowerShell example shows how:

```powershell
# Build the regional Cognito Identity endpoint URL.
function Get-CognitoRestURL {
    param(
        [parameter(Mandatory)]$Region
    )
    return "https://cognito-identity.{0}.amazonaws.com/" -f $Region
}

# Step 1: GetId returns an identity in the pool.
# Step 2: GetCredentialsForIdentity returns temporary credentials for that identity.
function Get-AWSTempCredentials {
    param(
        [parameter(Mandatory)]$IdentityPoolId,
        [parameter(Mandatory)]$Region
    )

    try {
        $cognitoRestURL = Get-CognitoRestURL -Region $Region
        $requestTempId = Invoke-RestMethod -Uri $cognitoRestURL -Method "POST" `
            -Headers @{
                "authority"        = $cognitoRestURL
                "x-amz-target"     = "AWSCognitoIdentityService.GetId"
                "x-amz-user-agent" = "aws-powershell callback"
            } -ContentType "application/x-amz-json-1.1" -Body "{`"IdentityPoolId`":`"$($IdentityPoolId)`"}"
    } catch {
        Write-Error $_
        # Request failed, we don't have the data we need to continue.
        # (return, not break: break outside a loop can also stop the calling script)
        return
    }

    try {
        $tempCredentials = Invoke-RestMethod -Uri $cognitoRestURL -Method "POST" `
            -Headers @{
                "x-amz-target"     = "AWSCognitoIdentityService.GetCredentialsForIdentity"
                "x-amz-user-agent" = "aws-powershell callback"
            } -ContentType "application/x-amz-json-1.1" -Body "{`"IdentityId`":`"$($requestTempId.IdentityId)`"}"
    } catch {
        Write-Error $_
        # Request failed, we don't have the data we need to continue.
        return
    }

    return $tempCredentials
}

# Save the temporary credentials as a named profile and return that profile.
function Set-AWSTempCredentials {
    param(
        [parameter(Mandatory)]$AccessKeyId,
        [parameter(Mandatory)]$SecretKey,
        [parameter(Mandatory)]$SessionToken,
        [parameter(Mandatory)]$ProfileName,
        [parameter(Mandatory)]$Region
    )

    # -StoreAs writes the credentials to the credential profile store under $ProfileName.
    Set-AWSCredential -AccessKey $AccessKeyId -SecretKey $SecretKey -SessionToken $SessionToken -StoreAs $ProfileName
    return Get-AWSCredential -ProfileName $ProfileName
}

$region = "us-west-1"
$IdentityPoolId = "us-west-1:12a01023-4567-123a-bcd1-12345a0b1abc"

$response = Get-AWSTempCredentials -IdentityPoolId $IdentityPoolId -Region $region

Set-AWSTempCredentials -AccessKeyId $response.Credentials.AccessKeyId `
    -SecretKey $response.Credentials.SecretKey `
    -SessionToken $response.Credentials.SessionToken `
    -ProfileName MyTempCredentials `
    -Region $region
```

For more information, see:
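Added example, not part of the original answer: the answer's `Set-AWSCredential -StoreAs` call writes the temporary credentials to a stored profile, so this sketch instead validates the `GetCredentialsForIdentity` response, rejects credentials that are expired or about to expire, and keeps them in memory for splatting onto AWS cmdlets. The helper name `ConvertTo-CognitoSessionArgs`, the 60-second margin, the sample response values and the bucket name are assumptions made for illustration.

```powershell
# Added example; ConvertTo-CognitoSessionArgs is a hypothetical helper name.
function ConvertTo-CognitoSessionArgs {
    param(
        [Parameter(Mandatory)]$Response,        # object returned by GetCredentialsForIdentity
        [Parameter(Mandatory)][string]$Region,
        [int]$MinimumSecondsLeft = 60           # assumed safety margin before expiry
    )

    $c = $Response.Credentials
    foreach ($field in 'AccessKeyId', 'SecretKey', 'SessionToken', 'Expiration') {
        if (-not $c.$field) {
            throw "Cognito response is missing Credentials.$field"
        }
    }

    # Expiration arrives as Unix epoch seconds in the JSON response.
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$c.Expiration)
    $secondsLeft = ($expires - [DateTimeOffset]::UtcNow).TotalSeconds
    if ($secondsLeft -lt $MinimumSecondsLeft) {
        throw "Temporary credentials expire at $($expires.UtcDateTime.ToString('u')); request new ones."
    }

    # Hashtable for splatting onto the AWS cmdlets' common credential parameters.
    # Nothing is written to the credential profile store.
    return @{
        AccessKey    = $c.AccessKeyId
        SecretKey    = $c.SecretKey
        SessionToken = $c.SessionToken
        Region       = $Region
    }
}

# Constructed sample response (placeholder values, not real credentials).
$sample = [pscustomobject]@{
    IdentityId  = 'us-west-1:00000000-0000-0000-0000-000000000000'
    Credentials = [pscustomobject]@{
        AccessKeyId  = 'ASIAEXAMPLEEXAMPLE00'
        SecretKey    = 'constructed-secret'
        SessionToken = 'constructed-token'
        Expiration   = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
    }
}

$awsArgs = ConvertTo-CognitoSessionArgs -Response $sample -Region 'us-west-1'

# With the AWS module loaded and a real response, splat onto an S3 cmdlet:
# Get-S3Object -BucketName 'my-example-bucket' @awsArgs
```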