问题
Can anyone help me on how to login as an IAM user using AWS SDK? I am using AWS SDK for Java and had been finding suitable APIs to login as an IAM User, which I am not able to. I am able to pass the access and secret keys to login using the SDK, but my use case is to validate the user and the password given by the IAM User
回答1:
I also wish there was secure way to to do this. But from all that I have read there isn't.
The IAM username and password can only be used with the Amazon management console and their forums (http://docs.aws.amazon.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html)
I been drawing a number of ideas in my head to workaround this, but I fail to do so securely.
My best solution so far is using a database where I mirror the iam user name and aws secret access key. With secret key encrypted ofc. But this still has the following drawbacks
- The secret aws key is stored in the database (even if it is not in clear text, it still is there)
- The clients would have the access keys of a user with the rights to list iam users and read access to the database.
So I am not very found this idea.
It just feels like we are both missing something significant here.
回答2:
my guess is that login to an instance on by other authentication providers (such as local auth/AD/LDAP,etc) and use assigned IAM role to make a call to AWS API.
im developing a custom web app, login will be provided by google-oauth (using passport.js) and thinking of assigning IAM roles, so I dont have to provide aws keys or store them.
来源:https://stackoverflow.com/questions/22756229/login-as-iam-user-using-aws-sdk