Reputation: 3009
I'm running an app on an EC2 using a role with the permissions:
"sts:GetSessionToken",
"sts:AssumeRole"
When I try to obtain temporary credentials using that role, I get the error:
Cannot call GetSessionToken with session credentials (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied;
Am I missing one or more permissions for the role to be able to obtain temporary session credentials?
Upvotes: 11
Views: 5356
Reputation: 3009
According to AWS support, roles cannot request temporary credentials. Only actual Users can do that.
A workaround is to use the role's credentials. They get rolled over every hour, so they are temporary (albeit hard-coded to 1 hour TTL).
Upvotes: 11
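The workaround in the answer above, sketched as an added example that is not part of the original posts: it checks whether the credentials in hand are already session credentials (the case in which STS rejects GetSessionToken) and, if so, uses them until their own expiry instead of requesting new ones. The sample document is constructed with placeholder values in the JSON shape the EC2 instance metadata service returns for a role; `plan` and the 300-second refresh margin are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample of the JSON an instance role's credentials arrive as
# (placeholder values, not real keys).
SAMPLE_ROLE_CREDS = """{
  "Code": "Success",
  "Type": "AWS-HMAC",
  "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
  "SecretAccessKey": "constructed-secret-placeholder",
  "Token": "constructed-session-token-placeholder",
  "Expiration": "2030-01-01T12:00:00Z"
}"""

def load(doc):
    """Parse a credential document and reject one that did not succeed."""
    creds = json.loads(doc)
    if creds.get("Code") != "Success":
        raise ValueError("credential document not usable: %r" % creds.get("Code"))
    return creds

def is_session_credential(creds):
    """Session (temporary) credentials carry a session token and their key IDs
    start with ASIA; long-term IAM user keys start with AKIA and have no token."""
    return bool(creds.get("Token")) or creds.get("AccessKeyId", "").startswith("ASIA")

def seconds_remaining(creds, now):
    """Lifetime left, read from the credential's own Expiration field
    rather than from an assumed fixed TTL."""
    expires = datetime.strptime(creds["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    return (expires.replace(tzinfo=timezone.utc) - now).total_seconds()

def plan(creds, now, refresh_margin=300):
    """Decide how the app obtains temporary credentials (hypothetical helper)."""
    if not is_session_credential(creds):
        return "call-GetSessionToken"      # long-term user keys: STS call is allowed
    if seconds_remaining(creds, now) <= refresh_margin:
        return "reload-role-credentials"   # near expiry: pick up the rotated set
    return "use-role-credentials"          # already temporary: use them directly

if __name__ == "__main__":
    now = datetime(2030, 1, 1, 11, 0, 0, tzinfo=timezone.utc)
    print(plan(load(SAMPLE_ROLE_CREDS), now))
```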