Question
- After configuring the account and STS role with Lambda, Vault aws/auth, and Vault STS, do I need to configure anything more?
- When accessing HCP using Lambda, do I need a token for access?
Environment
- STS Account.
- Using Python for the Lambda
- Vault cloud is located in a US region
- My Lambda runs in the Singapore region “ap-southeast-1”
config policy
# List, create, update, and delete key/value secrets
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
config aws role
Key                               Value
---                               -----
allow_instance_migration          false
auth_type                         iam
bound_account_id                  []
bound_ami_id                      []
bound_ec2_instance_id             <nil>
bound_iam_instance_profile_arn    []
bound_iam_principal_arn           [arn:aws:iam::999999999999:role/TTLAssumeRoleForLambdaSftpAuthen]
bound_iam_principal_id            [AROAVNP2OSEHVCCCQ22PL]
bound_iam_role_arn                []
bound_region                      []
bound_subnet_id                   []
bound_vpc_id                      []
disallow_reauthentication         false
inferred_aws_region               n/a
inferred_entity_type              n/a
max_ttl                           1h
resolve_aws_unique_ids            true
role_id                           cd9949b8-4f6e-a3e4-21cf-0e799d45d37c
role_tag                          n/a
token_bound_cidrs                 []
token_explicit_max_ttl            0s
token_max_ttl                     1h
token_no_default_policy           false
token_num_uses                    0
token_period                      0s
token_policies                    []
token_ttl                         0s
token_type                        default
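
On the token question: with `auth_type iam` as in the role above, a client does not start with a Vault token; it signs an `sts:GetCallerIdentity` request with its IAM credentials and posts it to `auth/aws/login`, and Vault answers with a token. The following is an added example, not part of the original post, that builds that login body with the standard library only; the Vault role name passed in by the caller and the use of the global STS endpoint (signed for `us-east-1`) are assumptions.

```python
import base64, datetime, hashlib, hmac, json

STS_HOST = "sts.amazonaws.com"  # assumption: global STS endpoint, region us-east-1
STS_BODY = "Action=GetCallerIdentity&Version=2011-06-15"

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def build_login_payload(role, access_key, secret_key, session_token, now=None):
    """Return the JSON body for POST <vault>/v1/auth/aws/login (auth_type iam).

    In Lambda the three credential values come from AWS_ACCESS_KEY_ID,
    AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN; `role` is the Vault role name.
    """
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    headers = {
        "content-type": "application/x-www-form-urlencoded; charset=utf-8",
        "host": STS_HOST,
        "x-amz-date": amz_date,
        "x-amz-security-token": session_token,
    }
    signed = ";".join(sorted(headers))
    # SigV4 canonical request: method, path, query, headers, signed list, body hash
    canonical = "\n".join([
        "POST", "/", "",
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed,
        hashlib.sha256(STS_BODY.encode()).hexdigest(),
    ])
    scope = f"{day}/us-east-1/sts/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):  # derive the signing key step by step
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    b64 = lambda s: base64.b64encode(s.encode()).decode()
    return {  # Vault replays this signed request to STS to learn the caller's ARN
        "role": role,
        "iam_http_request_method": "POST",
        "iam_request_url": b64(f"https://{STS_HOST}/"),
        "iam_request_body": b64(STS_BODY),
        "iam_request_headers": b64(json.dumps(headers)),
    }
```

The `auth.client_token` in the login response is what later requests send as `X-Vault-Token`. The role output above shows `token_policies []` with `token_no_default_policy false`, so a token issued through that role carries only the `default` policy until the `secret/*` policy is attached to the role.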