这是我目前拥有的:
Workload Identity User
和 reCAPTCHA Enterprise Agent
)。{
"type": "external_account",
"audience": "//iam.googleapis.com/projects/<my_account_number>/locations/global/workloadIdentityPools/<my-pool-name>/providers/aws-provider",
"subject_token_type": "urn:ietf:params:aws:token-type:aws4_request",
"service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/<my-service-account-name>@<my-gcp-project-name>.iam.gserviceaccount.com:generateAccessToken",
"token_url": "https://sts.googleapis.com/v1/token",
"credential_source": {
"environment_id": "aws1",
"region_url": "http://169.254.169.254/latest/meta-data/placement/availability-zone",
"url": "http://169.254.169.254/latest/meta-data/iam/security-credentials",
"regional_cred_verification_url": "https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15"
}
}
现在我希望我的 AWS Lambda 使用它,以便我可以成功执行以下操作:
client = recaptchaenterprise_v1.RecaptchaEnterpriseServiceClient(credentials=???)
并拨打我需要的验证码所需的电话。
我到底该怎么做?所有在线示例似乎都使用旧的密钥方式或不使用 lambda 或不使用 google python lib 等...
感谢@JohnHanley 提供相关文档的链接。
这是如何完成的:
import json
from google.auth import aws
from google.cloud import recaptchaenterprise_v1
from google.cloud.recaptchaenterprise_v1 import Assessment
# The JSON in the question in string form loaded from the AWS Lambda's env variables.
service_account_json_info = "{ ... }"
service_account_json_info_dict = json.loads(service_account_json_info)
credentials = aws.Credentials.from_info(service_account_json_info_dict)
scoped_credentials = credentials.with_scopes(["https://www.googleapis.com/auth/cloud-platform"])
# This then works and can make the calls it's authorized to do according to the GCP config.
client = recaptchaenterprise_v1.RecaptchaEnterpriseServiceClient(credentials=scoped_credentials)