DynamoDB请求中包含的安全令牌无效UnrecognizedClientException

时间:2016-08-06 05:04:43

标签: amazon-web-services amazon-dynamodb

我有〜/ .aws / credentials和配置文件,我的代码在

下面
clientConfiguration.setProxyHost("MYPROXY");
            clientConfiguration.setProxyPort(port);
            clientConfiguration.setProxyUsername("username");
            clientConfiguration.setProxyPassword("pw");
            clientConfiguration.setPreemptiveBasicProxyAuth(false);


            AmazonDynamoDBClient client = new AmazonDynamoDBClient(new ProfileCredentialsProvider("MY_PROFILE"),clientConfiguration);

         //client.withRegion(Regions.US_EAST_1);
         DynamoDBMapper mapper = new DynamoDBMapper(client);

         // Get a book - Id=101
         GetBook(mapper, 101);

我每次都得到以下异常。我可以在我的凭据文件中看到〜/ .aws / credentials中的会话令牌

Error running the DynamoDBMapperQueryScanExample: com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)
    com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)

AWS SDK 1.11.24 java 凭证文件

[TES1_AWS_STSdigital_Dev_Developer]
aws_access_key_id = XXXXX
aws_secret_access_key = AAAAA
aws_security_token = BBBBBBBB
token_expiration = 2016-08-08T16:34:48Z

[TEST2_AWS_TEST_Dev_ReadOnly]
aws_access_key_id = MMMMMM
aws_secret_access_key = NNNNNN
aws_security_token = OOOOOOO
token_expiration = 2016-08-08T16:34:48Z

[TEST3_AWS_STSdigital_Prod_ProdSupport]
aws_access_key_id = KKKKKKK
aws_secret_access_key = LLLLLLLLL
aws_security_token =FFFFFFFF
token_expiration = 2016-08-08T16:34:48Z

[TEST4_AWS_STSdigital_Prod_Monitoring]
aws_access_key_id = WWWWWW
aws_secret_access_key = SSSSSSSS
aws_security_token = VVVVVVVVV
token_expiration = 2016-08-08T16:34:48Z

在〜/ .aws / config

中配置文件
[DEFAULT]
scope = urn:amazon:webservices

[saml_provider]
url = https://myprivatesssaccess
default_region = us-east-1

[profile TEST1_AWS_STSdigital_Dev_Developer]
saml_role = arn:aws:iam::44444444:role/TEST1_AWS_STSdigital_Dev_Developer
region = us-east-1

[profile TEST2_AWS_TEST_Dev_ReadOnly]
saml_role = arn:aws:iam::3333333:role/TEST2_AWS_TEST_Dev_ReadOnly
region = us-east-1

[profile TEST3_STSdigital_Prod_ProdSupport]
saml_role = arn:aws:iam::222222:role/TEST3_AWS_STSdigital_Prod_ProdSupport
region = us-east-1

[profile TEST4_AWS_STSdigital_Prod_Monitoring]
saml_role = arn:aws:iam::1111111:role/TEST4_AWS_STSdigital_Prod_Monitoring
region = us-east-1

2 个答案:

答案 0 :(得分:1)

当我将区域设置为RegionEndpoint.APEast1而不是RegionEndpoint.USEast1时,收到此错误。我的错误是,我接受了在智能感知中看到的第一个“ East1”字符串。

答案 1 :(得分:0)

从简单的事情开始。你检查过文件的权限了吗?至少从Linux开始,他们需要600或用户读/写,组和世界无法访问。

您是否检查过AWS方以验证这些凭据是否与您尝试使用的帐户相关联?

您可以运行使用凭据的简单命令吗?来自亚马逊的CLI aws命令是一个很好的起点。

aws ec2 help

是第一次检查。然后尝试访问一些通常可用的信息,例如现货EC2实例价格历史记录:

aws ec2 describe-spot-price-history --prod "Linux/UNIX" --start-time 2016-08-15

应该为您提供数千行输出。然后尝试访问您自己的一些帐户信息:

aws ec2 describe-instances

此时,您知道CLI中的一切正常。下一步是非常Java连接,如果你从具有相同主目录的同一台机器运行它,它现在应该可以正常工作,其中找到了〜/ .aws /。

我每天都使用Java的DynamoDB访问。一旦你明确了几个障碍,它就会很有效。