Spring Cloud AWS SQS AccessDenied

时间:2015-07-02 00:18:16

标签: spring cloud messaging amazon-sqs access-denied

我目前正在尝试使用Spring Cloud和Spring Boot连接到AWS SQS队列时出现连接问题。我相信我的一切都配置得很好但是我得到了:

  

2015-07-01 18:12:11,926 [WARN] [ - ]   org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext [487]    - 上下文初始化期间遇到异常 - 取消刷新尝试   org.springframework.context.ApplicationContextException:失败   start bean'simpleMessageListenerContainer';嵌套异常是   com.amazonaws.AmazonServiceException:访问资源   https://sqs.us-west-2.amazonaws.com/ {Number} / {Queue Name}被拒绝。   (服务:AmazonSQS;状态代码:403;错误代码:AccessDenied;   要求ID:87312428-ec0f-5990-9f69-6a269a041b4d)

@Configuration
@EnableSqs
public class CloudConfiguration {
    private static final Logger log = Logger.getLogger(CloudConfiguration.class);

    @MessageMapping("QUEUE")
    public void retrieveProvisionMessages(User user) {
        log.warn(user.firstName);
    }
}

YML

cloud:
    aws:
       credentials.accessKey: AccessKey
       credentials.secretKey: SecretKey
       region.static: us-west-2
       credentials.instanceProfile: true

当它尝试连接时,我看到标题值为:

AWS4-HMAC-SHA256 Credential=accesskey/20150701/us-west-2/sqs/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=signature

发送请求后:

HTTP/1.1 403 Forbidden [Server: Server, Date: Wed, 01 Jul 2015 22:51:25 GMT, Content-Type: text/xml, Content-Length: 349, Connection: keep-alive, x-amzn-RequestId: Request Id] org.apache.http.conn.BasicManagedEntity@37e55df6

我已检查过所有AIM政策,但这些政策是正确的。

使用:

private AmazonSQS establishQueue(){
    AmazonSQS sqs = new AmazonSQSClient(new BasicAWSCredentials(accessKey, secretKey));
    sqs.setRegion(RegionUtils.getRegion(region));
    return sqs;
}


    AmazonSQS sqs = establishQueue();
    return sqs.receiveMessage(sqs.getQueueUrl(userProductPurchase).getQueueUrl());

使用相同的凭据工作正常。非常感谢任何帮助。

由于

2 个答案:

答案 0 :(得分:3)

您的IAM用户是否允许GetQueueAttributes次来电?

我认为它还使用了更多的操作。不仅ReceiveMessageGetQueueUrl

答案 1 :(得分:0)

就我而言,使用Spring Cloud,我必须设置以下权限:

  • sqs:DeleteMessage
  • sqs:GetQueueUrl
  • sqs:ReceiveMessage
  • sqs:SendMessage
  • sqs:GetQueueAttributes