I am trying to connect to AWS SQS after following the rules, and after one hour I get an expired security token error. How can I refresh the connection automatically?
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.sqs.AmazonSQSAsync;
import com.amazonaws.services.sqs.AmazonSQSAsyncClientBuilder;
import org.springframework.cloud.aws.messaging.core.QueueMessagingTemplate;
import org.springframework.context.annotation.Bean;

@Bean
public QueueMessagingTemplate queueMessagingTemplate() {
    return new QueueMessagingTemplate(amazonSQSAsync());
}

private AmazonSQSAsync amazonSQSAsync() {
    try {
        logger.info("Start amazonSQSAsync");
        // STS client built from the default credential chain (env vars, profile, instance role, ...)
        AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new DefaultAWSCredentialsProviderChain())
                .withRegion(AWS_REGION)
                .build();
        logger.info("stsClient created successfully");
        // One-off AssumeRole call; the returned credentials are valid for 3600 seconds
        AssumeRoleRequest roleRequest = new AssumeRoleRequest()
                .withRoleArn(ROLE_ARN)
                .withRoleSessionName(ROLE_SESSION_NAME)
                .withDurationSeconds(3600);
        AssumeRoleResult assumeRoleResult = stsClient.assumeRole(roleRequest);
        logger.info("assumeRoleResult created successfully");
        BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
                assumeRoleResult.getCredentials().getAccessKeyId(),
                assumeRoleResult.getCredentials().getSecretAccessKey(),
                assumeRoleResult.getCredentials().getSessionToken());
        logger.info("basicSessionCredentials created successfully");
        // Static provider: the session credentials above are never refreshed once they expire
        AmazonSQSAsync amazonSQSAsync = AmazonSQSAsyncClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials))
                .withRegion(AWS_REGION)
                // .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(SQS_URL, "us-east-2"))
                .build();
        logger.info("amazonSQSAsync created successfully");
        return amazonSQSAsync;
    } catch (Exception e) {
        logger.error("Failed to create Amazon sqs client", e);
        throw e;
    }
}
Answer 0 (score: 0)
You can get automatically renewing credentials from STSAssumeRoleSessionCredentialsProvider:
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.sqs.AmazonSQS;
import com.amazonaws.services.sqs.AmazonSQSClientBuilder;

// STS client used by the provider for every AssumeRole call, including refreshes
AWSSecurityTokenService stsClient
        = AWSSecurityTokenServiceClientBuilder.defaultClient();
// Provider that calls AssumeRole itself and renews the session before it expires
STSAssumeRoleSessionCredentialsProvider assumedRoleCredentialsProvider
        = new STSAssumeRoleSessionCredentialsProvider.Builder(ROLE_ARN, SESSION_ID)
                .withStsClient(stsClient)
                .build();
// SQS client asks the provider for credentials on each request
AmazonSQS sqsClient
        = AmazonSQSClientBuilder.standard()
                .withCredentials(assumedRoleCredentialsProvider)
                .build();
Note that the stsClient cannot be closed while the derived client is in use. As AWS recommends, create a single instance that lives for the whole lifetime of the program.