我目前正在尝试使用Spring Cloud和Spring Boot连接到AWS SQS队列时出现连接问题。我相信我的一切都配置得很好但是我得到了:
2015-07-01 18:12:11,926 [WARN] [ - ] org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext [487] - 上下文初始化期间遇到异常 - 取消刷新尝试 org.springframework.context.ApplicationContextException:失败 start bean'simpleMessageListenerContainer';嵌套异常是 com.amazonaws.AmazonServiceException:访问资源 https://sqs.us-west-2.amazonaws.com/ {Number} / {Queue Name}被拒绝。 (服务:AmazonSQS;状态代码:403;错误代码:AccessDenied; 要求ID:87312428-ec0f-5990-9f69-6a269a041b4d)
@Configuration
@EnableSqs
public class CloudConfiguration {
private static final Logger log = Logger.getLogger(CloudConfiguration.class);
@MessageMapping("QUEUE")
public void retrieveProvisionMessages(User user) {
log.warn(user.firstName);
}
}
YML
cloud:
aws:
credentials.accessKey: AccessKey
credentials.secretKey: SecretKey
region.static: us-west-2
credentials.instanceProfile: true
当它尝试连接时,我看到标题值为:
AWS4-HMAC-SHA256 Credential=accesskey/20150701/us-west-2/sqs/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=signature
发送请求后:
HTTP/1.1 403 Forbidden [Server: Server, Date: Wed, 01 Jul 2015 22:51:25 GMT, Content-Type: text/xml, Content-Length: 349, Connection: keep-alive, x-amzn-RequestId: Request Id] org.apache.http.conn.BasicManagedEntity@37e55df6
我已检查过所有AIM政策,但这些政策是正确的。
使用:
private AmazonSQS establishQueue(){
AmazonSQS sqs = new AmazonSQSClient(new BasicAWSCredentials(accessKey, secretKey));
sqs.setRegion(RegionUtils.getRegion(region));
return sqs;
}
AmazonSQS sqs = establishQueue();
return sqs.receiveMessage(sqs.getQueueUrl(userProductPurchase).getQueueUrl());
使用相同的凭据工作正常。非常感谢任何帮助。
由于
答案 0 :(得分:3)
您的IAM用户是否允许GetQueueAttributes次来电?
我认为它还使用了更多的操作。不仅ReceiveMessage和GetQueueUrl。
答案 1 :(得分:0)
就我而言,使用Spring Cloud,我必须设置以下权限:
sqs:DeleteMessage sqs:GetQueueUrl sqs:ReceiveMessage sqs:SendMessage sqs:GetQueueAttributes