How can AWS STS get-caller-identity help troubleshoot failing Lambda functions?

Asked by DominicPoole in AWS, asked on Jun 18, 2024

I am a cloud engineer and I am currently working for a company that uses AWS for its infrastructure. Recently, there has been an issue where some AWS Lambda functions are failing due to the lack of the necessary permission to access certain AWS resources. To identify the caller identity of these Lambda functions, I decided to use the AWS sts get-caller-identity API call. Describe to me how I can implement this solution.

Answered by David

In the context of AWS, here are the steps:


Set up the AWS SDK

You should try to ensure that the AWS SDK for Python is installed. In the Lambda environment, Boto3 should be pre-installed. Here is the example given:


Write the lambda function for calling get caller identity

Now you can write the Lambda function for the purpose of calling get caller identity by using Boto3 and then log the identity details. Here is the example given below:

package com.example;

import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.GetCallerIdentityRequest;
import software.amazon.awssdk.services.sts.model.GetCallerIdentityResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class LambdaHandler {
    private static final Logger logger = LoggerFactory.getLogger(LambdaHandler.class);

    public static void main(String[] args) {
        lambdaHandler();
    }

    public static void lambdaHandler() {
        // Create an STS client.
        // ProfileCredentialsProvider reads the local shared credentials profile,
        // so this variant is for running from a workstation. Inside Lambda the
        // execution role's credentials come from the default provider chain.
        StsClient stsClient = StsClient.builder()
                .credentialsProvider(ProfileCredentialsProvider.create())
                .build();
        try {
            // Create a GetCallerIdentity request
            GetCallerIdentityRequest getCallerIdentityRequest = GetCallerIdentityRequest.builder().build();
            // Call GetCallerIdentity
            GetCallerIdentityResponse response = stsClient.getCallerIdentity(getCallerIdentityRequest);
            // Extract relevant information
            String userId = response.userId();
            String account = response.account();
            String arn = response.arn();
            // Log the caller identity information
            logger.info("UserId: {}, Account: {}, Arn: {}", userId, account, arn);
        } catch (Exception e) {
            logger.error("Error calling GetCallerIdentity", e);
        } finally {
            // Close the STS client
            stsClient.close();
        }
    }
}

Handling the response

The response object from "GetCallerIdentity" contains the user ID, account and ARN. These fields can be used for the purpose of logging and troubleshooting.

package com.example;

import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import com.amazonaws.services.lambda.runtime.events.SQSEvent;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.GetCallerIdentityRequest;
import software.amazon.awssdk.services.sts.model.GetCallerIdentityResponse;
import software.amazon.awssdk.services.sts.model.StsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// The type parameters are required so that handleRequest(SQSEvent, Context)
// actually overrides the interface method.
public class LambdaHandler implements RequestHandler<SQSEvent, String> {
    private static final Logger logger = LoggerFactory.getLogger(LambdaHandler.class);

    @Override
    public String handleRequest(SQSEvent event, Context context) {
        // Initialize the STS client; the default provider chain picks up the
        // execution role's credentials inside Lambda
        StsClient stsClient = StsClient.builder()
                .credentialsProvider(DefaultCredentialsProvider.create())
                .build();
        try {
            // Create a GetCallerIdentity request
            GetCallerIdentityRequest getCallerIdentityRequest = GetCallerIdentityRequest.builder().build();
            // Call GetCallerIdentity
            GetCallerIdentityResponse response = stsClient.getCallerIdentity(getCallerIdentityRequest);
            // Extract relevant information
            String userId = response.userId();
            String account = response.account();
            String arn = response.arn();
            // Log the caller identity information
            logger.info("UserId: {}, Account: {}, Arn: {}", userId, account, arn);
            // Return the response details as a string
            return String.format("Caller Identity - UserId: %s, Account: %s, Arn: %s", userId, account, arn);
        } catch (StsException e) {
            logger.error("Error calling GetCallerIdentity", e);
            return "Error fetching caller identity: " + e.getMessage();
        } finally {
            // Close the STS client
            stsClient.close();
        }
    }
}
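The logged Arn only helps with a permission failure once it is mapped to the IAM role whose policies need checking. The following Python (Boto3) sketch is an added example, not part of the answer above: inside Lambda the Arn is an STS assumed-role session Arn (with the function name as the session name), and the hypothetical helper `describe_caller` turns it into the role Arn to inspect. The sample responses, account ID and names are constructed placeholders.

```python
import re

# Shape of the Arn that STS returns for role credentials (what Lambda runs with).
_ASSUMED_ROLE = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):sts::(?P<account>\d{12}):"
    r"assumed-role/(?P<role>[^/]+)/(?P<session>.+)$"
)


def describe_caller(identity):
    """Map a GetCallerIdentity response to the IAM principal to inspect."""
    arn = identity["Arn"]
    m = _ASSUMED_ROLE.match(arn)
    if m is None:
        # IAM user, root or federated user: the Arn already names the principal.
        return {"kind": "other", "principal_arn": arn, "session": None,
                "account": identity["Account"]}
    # The session Arn omits any IAM path, so the rebuilt role Arn is exact
    # only for roles created without a path.
    role_arn = "arn:{partition}:iam::{account}:role/{role}".format(**m.groupdict())
    return {"kind": "assumed-role", "principal_arn": role_arn,
            "session": m["session"], "account": m["account"]}


def lambda_handler(event, context):
    import boto3  # imported here so describe_caller can be exercised offline
    identity = boto3.client("sts").get_caller_identity()
    info = describe_caller(identity)
    print("caller=%s role_to_inspect=%s session=%s" % (
        identity["Arn"], info["principal_arn"], info["session"]))
    return info


# Constructed sample responses (account ID and names are placeholders).
SAMPLE_LAMBDA = {
    "UserId": "AROAEXAMPLEROLEID0000:order-processor",
    "Account": "123456789012",
    "Arn": "arn:aws:sts::123456789012:assumed-role/order-processor-role/order-processor",
}
SAMPLE_USER = {
    "UserId": "AIDAEXAMPLEUSERID0000",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/alice",
}

if __name__ == "__main__":
    print(describe_caller(SAMPLE_LAMBDA))
    print(describe_caller(SAMPLE_USER))
```

If the account in the result is not the account that owns the resource being accessed, the failure is a cross-account one and the resource policy has to allow this role as well.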

