Todd

Error when EC2 running as a role tries to get a Session Token in AWS

I'm running an app on an EC2 using a role with the permissions:

"sts:GetSessionToken",
"sts:AssumeRole"

When I try to obtain temporary credentials using that role, I get the error:

Cannot call GetSessionToken with session credentials (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied;

Am I missing one or more permissions for the role to be able to obtain temporary session credentials?

Upvotes: 11

Views: 5356

Answers (1)

Todd

According to AWS support, roles cannot request temporary credentials. Only actual Users can do that.

A workaround is to use the role's credentials. They get rolled over every hour, so they are temporary (albeit hard-coded to 1 hour TTL).

Upvotes: 11
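The workaround from the answer above, as an added example that is not part of the original post or any AWS SDK: it inspects the credentials already in hand, skips GetSessionToken when they are session credentials, and reads the expiry from the credential document instead of assuming a lifetime. The helper names, the sample document and the five-minute refresh margin are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the JSON document an instance profile serves from the
# instance metadata service; the key material is placeholder text.
SAMPLE_ROLE_CREDS = json.dumps({
    "Code": "Success",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret",
    "Token": "constructed-session-token",
    "Expiration": "2030-01-01T13:00:00Z",
})

def parse_expiration(value):
    """Parse the UTC timestamp format used in the Expiration field."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def is_session_credential(creds):
    """Temporary credentials carry a session token; their key IDs start with ASIA."""
    return bool(creds.get("Token")) or creds.get("AccessKeyId", "").startswith("ASIA")

def plan(creds_json, now, refresh_margin=timedelta(minutes=5)):
    """Hypothetical helper: decide how to proceed with the credentials in hand."""
    creds = json.loads(creds_json)
    if creds.get("Code", "Success") != "Success":
        raise ValueError("credential document reports failure: %r" % creds.get("Code"))
    if not is_session_credential(creds):
        # Long-term IAM user keys: GetSessionToken is accepted for these.
        return {"action": "call_get_session_token", "seconds_left": None}
    remaining = parse_expiration(creds["Expiration"]) - now
    seconds_left = max(0, int(remaining.total_seconds()))
    if remaining <= refresh_margin:
        # Role credentials are rotated for the instance; re-read them rather
        # than asking STS for a session token, which returns AccessDenied.
        return {"action": "reload_role_credentials", "seconds_left": seconds_left}
    return {"action": "use_role_credentials_directly", "seconds_left": seconds_left}
```
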
