Why would the code below result in no token in the returned credentials? (A WIF pool with an AWS provider exists and a service account is connected to it.)

from google.auth import aws

def lambda_handler(event, context):

    json_config_info = {
      "type": "external_account",
      "audience": "//iam.googleapis.com/projects/XXX/locations/global/workloadIdentityPools/awspool/providers/awsprovider",
      "subject_token_type": "urn:ietf:params:aws:token-type:aws4_request",
      "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[email protected]:generateAccessToken",
      "token_url": "https://sts.googleapis.com/v1/token",
      "credential_source": {
        "environment_id": "aws1",
        "region_url": "http://169.254.169.254/latest/meta-data/placement/availability-zone",
        "url": "http://169.254.169.254/latest/meta-data/iam/security-credentials",
        "regional_cred_verification_url": "https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15"
      }
    }

    credentials = aws.Credentials.from_info(json_config_info)
    print('token: ', credentials.token)
    print('valid: ', credentials.valid)

I'm getting token=None and valid=False, while my understanding is that the credentials should have a token and valid=True?
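An added example, not part of the original question and not google-auth's own code: google-auth credential objects are lazy, so `from_info()` only parses the config and the token appears after `refresh()` performs the AWS-signed STS exchange and the service account impersonation. The names `ensure_token`, `gcp_credentials_from_aws` and `FakeCredentials` are hypothetical, and the cloud-platform scope is an assumption chosen for the example.

```python
# Scope requested for the impersonated service account (assumption for this example).
CLOUD_PLATFORM_SCOPE = "https://www.googleapis.com/auth/cloud-platform"


def ensure_token(credentials, request):
    """Return a bearer token, refreshing only when none is held or it has expired."""
    if not credentials.valid:
        # This is the step missing in the question: nothing is fetched until refresh().
        credentials.refresh(request)
    if not credentials.token:
        raise RuntimeError("refresh completed without yielding a token")
    return credentials.token


def gcp_credentials_from_aws(json_config_info):
    """Build credentials from the question's external_account dict and fetch a token."""
    # Imported lazily so this module still loads where google-auth is not installed.
    from google.auth import aws
    from google.auth.transport.requests import Request

    credentials = aws.Credentials.from_info(json_config_info)
    credentials = credentials.with_scopes([CLOUD_PLATFORM_SCOPE])
    # In Lambda, google-auth takes the region and keys from AWS_REGION,
    # AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN before it
    # tries the metadata URLs in credential_source.
    ensure_token(credentials, Request())
    return credentials


class FakeCredentials:
    """Constructed stand-in with the same lazy token/valid/refresh contract."""

    def __init__(self):
        self.token = None
        self.refresh_calls = 0

    @property
    def valid(self):
        return self.token is not None

    def refresh(self, request):
        self.refresh_calls += 1
        self.token = "constructed-token"  # constructed value, not a real token


if __name__ == "__main__":
    fake = FakeCredentials()
    print("before refresh:", fake.token, fake.valid)
    ensure_token(fake, request=None)
    # Log only non-secret state, never the token itself.
    print("after refresh: valid =", fake.valid)
```

In a handler, report `credentials.valid` and `credentials.expiry` rather than printing `credentials.token`, since Lambda output is written to CloudWatch Logs.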
