Todd
Reputation: 3009
Error when Ec2 running as a role tries to get a Session Token in AWS
I'm running a app on an EC2 using a role with the the permissions:
"sts:GetSessionToken",
"sts:AssumeRole"
When I try to obtain temporary credentials using that role, I get the error:
Cannot call GetSessionToken with session credentials (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied;
Am I missing one or more permissions for the role to be able to obtain temporary session credentials?
Upvotes: 11
Views: 5356
Answers (1)
Todd
Reputation: 3009
According to AWS support, roles cannot request temporary credentials. Only actual Users can do that.
A work around is to use the role's credentials. They get rolled over every hour, so they are temporary (albeit hard coded to 1 hour TTL)
Upvotes: 11
Related Questions
- The provided execution role does not have permissions to call DescribeNetworkInterfaces on EC2
- How to get an AWS EC2 instance ID from within that EC2 instance?
- AccessDenied for ListObjects for S3 bucket when permissions are s3:*
- Generating Temporary Credentials with IAM Role from EC2 Instance in aws .net SDK
- What is exactly "Assume" a role in AWS?
- AWS EC2 IAM role access denied on S3
- Static content for AWS EC2 with IAM role
- AWS Assume role with EC2 instance IAM role not working