those credentials. In this example, TESTER1 assumes a role created by TESTER, to access S3 resources owned by TESTER,
according to the permission policy attached to the role.
+.. code-block:: console
+
+ radosgw-admin caps add --uid="TESTER" --caps="roles=*"
+
+2. The following is an example of the AssumeRole API call, which shows steps to create a role, assign a policy to it
+ (that allows access to S3 resources), assuming a role to get temporary credentials and accessing S3 resources using
+ those credentials. In this example, TESTER1 assumes a role created by TESTER, to access S3 resources owned by TESTER,
+ according to the permission policy attached to the role.
+
.. code-block:: python
import boto3
STSLite
=======
STSLite has been built on STS, and documentation for the same can be found here
-:doc:`STSLite`.
\ No newline at end of file
+:doc:`STSLite`.
**TokenCode** (String/ Optional): The value provided by the MFA device, if MFA is required.
An administrative user needs to attach a policy to allow invocation of GetSessionToken API using its permanent
-credentials and to allow subsequent s3 operations invocation using only the temporary credentials returned
+credentials and to allow subsequent S3 operations invocation using only the temporary credentials returned
by GetSessionToken.
The user attaching the policy needs to have admin caps. For example::
projects / ceph.git / commitdiff