我正在尝试使用boto3在lambda函数中获取AWS账户中的root用户详细信息,但它会给出以下错误。
"errorMessage": "An error occurred (NoSuchEntity) when calling the GetUser operation: The user with name root cannot be found.", "errorType": "NoSuchEntityException"代码片段:
import boto3 client = boto3.client('iam') response = client.get_user( UserName='root' )I am trying to get the root user details in an AWS account in lambda function using boto3, however it gives the below error.
"errorMessage": "An error occurred (NoSuchEntity) when calling the GetUser operation: The user with name root cannot be found.", "errorType": "NoSuchEntityException"Code Snippet:
import boto3 client = boto3.client('iam') response = client.get_user( UserName='root' )最满意答案
没有称为root的 IAM用户。
根用户实际上与AWS账户相关联。 它完全独立于IAM,它允许创建个人用户。
您不能禁用与root用户关联的访问密钥,但可以从根用户中删除访问密钥 。
delete-access-key文档不太清楚,但它确实引用了能够通过API调用删除密钥。 如果我正确读取它, 则可以删除根键 - 但只能以root用户身份调用该函数 。 这在Lambda函数中是不可能的。
最好的行动方案可能是通过管理控制台删除根密钥 ,然后尝试找到一种方法来监控它(但我怀疑没有可以提供此信息的调用)。 幸运的是,只能通过以root用户身份登录到控制台来添加凭据。 添加MFA令牌可以限制发生这种情况的可能性。
There is no IAM user called root.
The root user is actually associated with the AWS Account. It is totally separate to IAM, which allows individuals users to be created.
You cannot disable the Access Key associated with the root user, but you can Delete Access Keys from the Root User.
The delete-access-key documentation isn't too clear, but it does make reference to being able to delete the keys via an API call. If I'm reading it correctly, the root keys can be deleted — but only calling the function as the root user. This would not be possible from a Lambda function.
The best course of action is probably to delete the root key via the management console, then try to find a way to monitor it (but I suspect there is no call that could provide this information). Fortunately, the credentials can only be added back by logging into the console as the root user. Adding an MFA token would limit the likelihood of this happening.
更多推荐
发布评论