I'm running a app on an EC2 using a role with the the permissions:
"sts:GetSessionToken",
"sts:AssumeRole"
When I try to obtain temporary credentials using that role, I get the error:
Cannot call GetSessionToken with session credentials (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied;
Am I missing one or more permissions for the role to be able to obtain temporary session credentials?
According to AWS support, roles cannot request temporary credentials. Only actual Users can do that.
A work around is to use the role's credentials. They get rolled over every hour, so they are temporary (albeit hard coded to 1 hour TTL)