Krambambuli has asked for the wisdom of the Perl Monks concerning the following question:
hoping that someone out there might know the answers and would be kind enough to respond, here my two questions. Trying to get acquainted with Amazon services and Paws, I've set up my ~/.aws/credentials to be
The simple code I'm playing with is like[profile instrument] source_profile = default role_arn = arn:aws:iam::MY_IAM_CODE:role/MY_ROLE region = us-east-1 [default] region = us-east-1 aws_secret_access_key = "MY_SECRET_ACCESS_KEY" aws_access_key_id = "MY_ACCESS_KEY_ID"
And here the two things I'm unhappy with.#!/usr/bin/perl use strict; use warnings; use Data::Dumper; use Paws; use Paws::Net::LWPCaller; use Paws::Credential::AssumeRole; my $lwp_caller = new Paws::Net::LWPCaller( debug => 1 ); my $cloudwatch = Paws->service('CloudWatch', caller => $lwp_caller, credentials => Paws::Credential::Assum +eRole->new( RoleArn => 'arn:aws:iam::MY_IAM_CO +DE:role/MY_ROLE', RoleSessionName => 'just_kidding', caller => $lwp_caller, ), region => 'us-east-1', profile_name => 'instrument', ); #print Dumper( $cloudwatch ); #exit; my $res = $cloudwatch->ListAllMetrics( Dimensions => , MetricName => 'MY_METRIC', Namespace => 'MY_NAMESPACE', #NextToken => '', ); print Dumper( $res ); exit;
1. If I launch the above cod as
$ AWS_ACCESS_KEY="MY_ACCESS_KEY_ID" AWS_SECRET_KEY="MY_SECRET_ACCESS_KEY" ./test_paws.pl
it works. But if I launch it as
it doesn't, and I get an error message that says
The security token included in the request is invalidI cannot spot the error in the credentials file, and it seems to me that it is OK, but is simply ignored, although it _should_ be considered. So, is there anything I need to do to get the default credentials properly working...?
2. The documentation says that the default 'caller' is HTTP::Tiny. LWP can be used instead if wanted, and the above code uses it OK. I'm unsure about the second caller spec; if I omit it, i.e have
then the call to AssumeRole is done with HTTP:Tiny, whereas the call for ListAllMetrics is done as expected via LWP. Is that expected behavior? Shouldn't the caller used for getting the credentials be the same as the one for ListAllMetrics, even without 'saying it again'?my $cloudwatch = Paws->service('CloudWatch', caller => $lwp_caller, credentials => Paws::Credential::Assum +eRole->new( RoleArn => 'arn:aws:iam::MY_IAM_CO +DE:role/MY_ROLE', RoleSessionName => 'just_kidding', #caller => $lwp_caller, ), region => 'us-east-1', profile_name => 'instrument', );
Many thanks in advance.
|Replies are listed 'Best First'.|
Re: Paws questions
by Corion (Patriarch) on May 01, 2017 at 19:23 UTC
Re: Paws questions
by Krambambuli (Curate) on May 06, 2017 at 08:27 UTC