aws-java-sdk获取非aws环境的临时凭证

时间:2017-04-24 10:43:55

标签: java amazon-web-services aws-sdk aws-appstream

我可以使用用户名logingUserId访问aws帐户。我想在我的CI服务器中创建访问配置文件,以便我可以针对像kinesis,dynamodb等AWS工具测试我的应用程序。

我写了一个生成访问密钥,密钥和会话令牌的方法(使用AssumeRoleRequest)。它似乎没有用。

  it("provides temporary access to AWS") {
    val assumeRoleRequest = new AssumeRoleRequest

    assumeRoleRequest.setRoleArn("arn:aws:iam::" + accountId + ":role/" + roleName)
    assumeRoleRequest.setRoleSessionName("test-session")
    assumeRoleRequest.setExternalId(loginUserId)

    val tokenService = new AWSSecurityTokenServiceClient() // 
    tokenService.setEndpoint("sts-endpoint.amazonaws.com")
    tokenService.assumeRole(assumeRoleRequest)

    val tokenRequestEvent = new GetSessionTokenRequest()
    tokenRequestEvent.setDurationSeconds(7200) // optional

    val tokenResponseEvent =
      tokenService.getSessionToken(tokenRequestEvent)

    val creds = tokenResponseEvent.getCredentials

    println(creds.getAccessKeyId) //write to ~/.aws/credentials
    println(creds.getSecretAccessKey) //write to ~/.aws/credentials
    println(creds.getSessionToken) //write to ~/.aws/credentials
    println(creds.getExpiration)
  }

错误 - 无法从链中的任何提供商加载AWS凭据

/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/bin/java -Didea.launcher.port=7541 "-Didea.launcher.bin.path=/Applications/IntelliJ IDEA.app/Contents/bin" -Dfile.encoding=UTF-8 -classpath "/Users/as18/Library/Application Support/IntelliJIdea2016.2/Scala/lib/scala-plugin-runners.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/deploy.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/cldrdata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/dnsns.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/jaccess.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/jfxrt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/localedata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/nashorn.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/sunec.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/sunjce_provider.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/sunpkcs11.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/zipfs.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/javaws.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/jfxswt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/management-agent.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/plugin.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/ant-javafx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/dt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/javafx-mx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/jconsole.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/packager.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/sa-jdi.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/tools.jar:/Users/as18/possibilities/programming/s2/whats-in-stream-v2/target/test-classes:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk/1.11.109/aws-java-sdk-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-pinpoint/1.11.109/aws-java-sdk-pinpoint-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/jmespath-java/1.11.109/jmespath-java-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-xray/1.11.109/aws-java-sdk-xray-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-opsworkscm/1.11.109/aws-java-sdk-opsworkscm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-support/1.11.109/aws-java-sdk-support-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-simpledb/1.11.109/aws-java-sdk-simpledb-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-servicecatalog/1.11.109/aws-java-sdk-servicecatalog-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-servermigration/1.11.109/aws-java-sdk-servermigration-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-simpleworkflow/1.11.109/aws-java-sdk-simpleworkflow-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-storagegateway/1.11.109/aws-java-sdk-storagegateway-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-route53/1.11.109/aws-java-sdk-route53-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-s3/1.11.109/aws-java-sdk-s3-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-importexport/1.11.109/aws-java-sdk-importexport-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-sts/1.11.109/aws-java-sdk-sts-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-sqs/1.11.109/aws-java-sdk-sqs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-rds/1.11.109/aws-java-sdk-rds-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-redshift/1.11.109/aws-java-sdk-redshift-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticbeanstalk/1.11.109/aws-java-sdk-elasticbeanstalk-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-glacier/1.11.109/aws-java-sdk-glacier-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-iam/1.11.109/aws-java-sdk-iam-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-datapipeline/1.11.109/aws-java-sdk-datapipeline-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticloadbalancing/1.11.109/aws-java-sdk-elasticloadbalancing-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticloadbalancingv2/1.11.109/aws-java-sdk-elasticloadbalancingv2-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-emr/1.11.109/aws-java-sdk-emr-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticache/1.11.109/aws-java-sdk-elasticache-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elastictranscoder/1.11.109/aws-java-sdk-elastictranscoder-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ec2/1.11.109/aws-java-sdk-ec2-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-dynamodb/1.11.109/aws-java-sdk-dynamodb-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-sns/1.11.109/aws-java-sdk-sns-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-budgets/1.11.109/aws-java-sdk-budgets-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudtrail/1.11.109/aws-java-sdk-cloudtrail-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudwatch/1.11.109/aws-java-sdk-cloudwatch-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-logs/1.11.109/aws-java-sdk-logs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-events/1.11.109/aws-java-sdk-events-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cognitoidentity/1.11.109/aws-java-sdk-cognitoidentity-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cognitosync/1.11.109/aws-java-sdk-cognitosync-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-directconnect/1.11.109/aws-java-sdk-directconnect-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudformation/1.11.109/aws-java-sdk-cloudformation-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudfront/1.11.109/aws-java-sdk-cloudfront-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-clouddirectory/1.11.109/aws-java-sdk-clouddirectory-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-kinesis/1.11.109/aws-java-sdk-kinesis-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-opsworks/1.11.109/aws-java-sdk-opsworks-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ses/1.11.109/aws-java-sdk-ses-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-autoscaling/1.11.109/aws-java-sdk-autoscaling-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudsearch/1.11.109/aws-java-sdk-cloudsearch-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudwatchmetrics/1.11.109/aws-java-sdk-cloudwatchmetrics-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-codedeploy/1.11.109/aws-java-sdk-codedeploy-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-codepipeline/1.11.109/aws-java-sdk-codepipeline-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-kms/1.11.109/aws-java-sdk-kms-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-config/1.11.109/aws-java-sdk-config-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-lambda/1.11.109/aws-java-sdk-lambda-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ecs/1.11.109/aws-java-sdk-ecs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ecr/1.11.109/aws-java-sdk-ecr-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudhsm/1.11.109/aws-java-sdk-cloudhsm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ssm/1.11.109/aws-java-sdk-ssm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-workspaces/1.11.109/aws-java-sdk-workspaces-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-machinelearning/1.11.109/aws-java-sdk-machinelearning-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-directory/1.11.109/aws-java-sdk-directory-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-efs/1.11.109/aws-java-sdk-efs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-codecommit/1.11.109/aws-java-sdk-codecommit-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-devicefarm/1.11.109/aws-java-sdk-devicefarm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticsearch/1.11.109/aws-java-sdk-elasticsearch-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-waf/1.11.109/aws-java-sdk-waf-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-marketplacecommerceanalytics/1.11.109/aws-java-sdk-marketplacecommerceanalytics-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-inspector/1.11.109/aws-java-sdk-inspector-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-iot/1.11.109/aws-java-sdk-iot-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-api-gateway/1.11.109/aws-java-sdk-api-gateway-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-acm/1.11.109/aws-java-sdk-acm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-gamelift/1.11.109/aws-java-sdk-gamelift-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-dms/1.11.109/aws-java-sdk-dms-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-marketplacemeteringservice/1.11.109/aws-java-sdk-marketplacemeteringservice-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cognitoidp/1.11.109/aws-java-sdk-cognitoidp-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-discovery/1.11.109/aws-java-sdk-discovery-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-applicationautoscaling/1.11.109/aws-java-sdk-applicationautoscaling-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-snowball/1.11.109/aws-java-sdk-snowball-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-rekognition/1.11.109/aws-java-sdk-rekognition-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-polly/1.11.109/aws-java-sdk-polly-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-lightsail/1.11.109/aws-java-sdk-lightsail-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-stepfunctions/1.11.109/aws-java-sdk-stepfunctions-1.11.109.jar:/Users/as18/.m2/repository/com/jayway/jsonpath/json-path/2.2.0/json-path-2.2.0.jar:/Users/as18/.m2/repository/org/slf4j/slf4j-api/1.7.16/slf4j-api-1.7.16.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-health/1.11.109/aws-java-sdk-health-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-costandusagereport/1.11.109/aws-java-sdk-costandusagereport-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-codebuild/1.11.109/aws-java-sdk-codebuild-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-appstream/1.11.109/aws-java-sdk-appstream-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-shield/1.11.109/aws-java-sdk-shield-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-batch/1.11.109/aws-java-sdk-batch-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-lex/1.11.109/aws-java-sdk-lex-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-mechanicalturkrequester/1.11.109/aws-java-sdk-mechanicalturkrequester-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-organizations/1.11.109/aws-java-sdk-organizations-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-workdocs/1.11.109/aws-java-sdk-workdocs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-core/1.11.109/aws-java-sdk-core-1.11.109.jar:/Users/as18/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar:/Users/as18/.m2/repository/org/apache/httpcomponents/httpclient/4.5.2/httpclient-4.5.2.jar:/Users/as18/.m2/repository/org/apache/httpcomponents/httpcore/4.4.4/httpcore-4.4.4.jar:/Users/as18/.m2/repository/commons-codec/commons-codec/1.9/commons-codec-1.9.jar:/Users/as18/.m2/repository/software/amazon/ion/ion-java/1.0.2/ion-java-1.0.2.jar:/Users/as18/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.6/jackson-databind-2.6.6.jar:/Users/as18/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.6.0/jackson-annotations-2.6.0.jar:/Users/as18/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.6.6/jackson-core-2.6.6.jar:/Users/as18/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.6.6/jackson-dataformat-cbor-2.6.6.jar:/Users/as18/.m2/repository/joda-time/joda-time/2.8.1/joda-time-2.8.1.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-models/1.11.109/aws-java-sdk-models-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-swf-libraries/1.11.22/aws-java-sdk-swf-libraries-1.11.22.jar:/Users/as18/.m2/repository/org/scalatest/scalatest_2.11/3.0.1/scalatest_2.11-3.0.1.jar:/Users/as18/.m2/repository/org/scala-lang/scala-library/2.11.8/scala-library-2.11.8.jar:/Users/as18/.m2/repository/org/scalactic/scalactic_2.11/3.0.1/scalactic_2.11-3.0.1.jar:/Users/as18/.m2/repository/org/scala-lang/scala-reflect/2.11.8/scala-reflect-2.11.8.jar:/Users/as18/.m2/repository/org/scala-lang/modules/scala-xml_2.11/1.0.5/scala-xml_2.11-1.0.5.jar:/Users/as18/.m2/repository/org/scala-lang/modules/scala-parser-combinators_2.11/1.0.4/scala-parser-combinators_2.11-1.0.4.jar:/usr/local/scala-2.11.8/lib/scala-actors-2.11.0.jar:/usr/local/scala-2.11.8/lib/scala-actors-migration_2.11-1.1.0.jar:/usr/local/scala-2.11.8/lib/scala-library.jar:/usr/local/scala-2.11.8/lib/scala-parser-combinators_2.11-1.0.4.jar:/usr/local/scala-2.11.8/lib/scala-reflect.jar:/usr/local/scala-2.11.8/lib/scala-swing_2.11-1.0.2.jar:/usr/local/scala-2.11.8/lib/scala-xml_2.11-1.0.4.jar:/Applications/IntelliJ IDEA.app/Contents/lib/idea_rt.jar" com.intellij.rt.execution.application.AppMain org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestRunner -s creds.Test -testName "provides temporary access to AWS" -showProgressMessages true -C org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestReporter
Testing started at 3:20 AM ...

Unable to load AWS credentials from any provider in the chain
com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain
    at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:131)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1119)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:759)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:723)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1271)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1247)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:454)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:431)
    at creds.Test$$anonfun$1.apply$mcV$sp(Test.scala:24)
    at creds.Test$$anonfun$1.apply(Test.scala:15)
    at creds.Test$$anonfun$1.apply(Test.scala:15)
    at org.scalatest.OutcomeOf$class.outcomeOf(OutcomeOf.scala:85)
    at org.scalatest.OutcomeOf$.outcomeOf(OutcomeOf.scala:104)
    at org.scalatest.Transformer.apply(Transformer.scala:22)
    at org.scalatest.Transformer.apply(Transformer.scala:20)
    at org.scalatest.FunSpecLike$$anon$1.apply(FunSpecLike.scala:454)
    at org.scalatest.TestSuite$class.withFixture(TestSuite.scala:196)
    at org.scalatest.FunSpec.withFixture(FunSpec.scala:1630)
    at org.scalatest.FunSpecLike$class.invokeWithFixture$1(FunSpecLike.scala:451)
    at org.scalatest.FunSpecLike$$anonfun$runTest$1.apply(FunSpecLike.scala:464)
    at org.scalatest.FunSpecLike$$anonfun$runTest$1.apply(FunSpecLike.scala:464)
    at org.scalatest.SuperEngine.runTestImpl(Engine.scala:289)
    at org.scalatest.FunSpecLike$class.runTest(FunSpecLike.scala:464)
    at org.scalatest.FunSpec.runTest(FunSpec.scala:1630)
    at org.scalatest.FunSpecLike$$anonfun$runTests$1.apply(FunSpecLike.scala:497)
    at org.scalatest.FunSpecLike$$anonfun$runTests$1.apply(FunSpecLike.scala:497)
    at org.scalatest.SuperEngine$$anonfun$traverseSubNodes$1$1.apply(Engine.scala:396)
    at org.scalatest.SuperEngine$$anonfun$traverseSubNodes$1$1.apply(Engine.scala:384)
    at scala.collection.immutable.List.foreach(List.scala:381)
    at org.scalatest.SuperEngine.traverseSubNodes$1(Engine.scala:384)
    at org.scalatest.SuperEngine.org$scalatest$SuperEngine$$runTestsInBranch(Engine.scala:379)
    at org.scalatest.SuperEngine.runTestsImpl(Engine.scala:461)
    at org.scalatest.FunSpecLike$class.runTests(FunSpecLike.scala:497)
    at org.scalatest.FunSpec.runTests(FunSpec.scala:1630)
    at org.scalatest.Suite$class.run(Suite.scala:1147)
    at org.scalatest.FunSpec.org$scalatest$FunSpecLike$$super$run(FunSpec.scala:1630)
    at org.scalatest.FunSpecLike$$anonfun$run$1.apply(FunSpecLike.scala:501)
    at org.scalatest.FunSpecLike$$anonfun$run$1.apply(FunSpecLike.scala:501)
    at org.scalatest.SuperEngine.runImpl(Engine.scala:521)
    at org.scalatest.FunSpecLike$class.run(FunSpecLike.scala:501)
    at org.scalatest.FunSpec.run(FunSpec.scala:1630)
    at org.scalatest.tools.SuiteRunner.run(SuiteRunner.scala:45)
    at org.scalatest.tools.Runner$$anonfun$doRunRunRunDaDoRunRun$1.apply(Runner.scala:1340)
    at org.scalatest.tools.Runner$$anonfun$doRunRunRunDaDoRunRun$1.apply(Runner.scala:1334)
    at scala.collection.immutable.List.foreach(List.scala:381)
    at org.scalatest.tools.Runner$.doRunRunRunDaDoRunRun(Runner.scala:1334)
    at org.scalatest.tools.Runner$$anonfun$runOptionallyWithPassFailReporter$2.apply(Runner.scala:1011)
    at org.scalatest.tools.Runner$$anonfun$runOptionallyWithPassFailReporter$2.apply(Runner.scala:1010)
    at org.scalatest.tools.Runner$.withClassLoaderAndDispatchReporter(Runner.scala:1500)
    at org.scalatest.tools.Runner$.runOptionallyWithPassFailReporter(Runner.scala:1010)
    at org.scalatest.tools.Runner$.run(Runner.scala:850)
    at org.scalatest.tools.Runner.run(Runner.scala)
    at org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestRunner.runScalaTest2(ScalaTestRunner.java:138)
    at org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestRunner.main(ScalaTestRunner.java:28)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)

尝试使用AssumeRoleWithWebIdentityRequest,这比AssumeRoleRequest更有意义。但抛出相同的无法加载信用卡错误。

  it("provides temporary access to AWS") {
    val identityRequest = new AssumeRoleWithWebIdentityRequest()
    identityRequest.setRoleArn("arn:aws:iam::" + accountId + ":role/" + roleName)
    //identityRequest.setWebIdentityToken(loginUserId) //I dont know what is it
    identityRequest.setRoleSessionName(loginUserId)

    val tokenService = new AWSSecurityTokenServiceClient()
    tokenService.setEndpoint("sts-endpoint.amazonaws.com")
    val creds = tokenService.assumeRoleWithWebIdentity(identityRequest).getCredentials

    println(creds.getAccessKeyId)
    println(creds.getSecretAccessKey)
    println(creds.getSessionToken)
    println(creds.getExpiration)
  }

发送的请求是

POST null / Parameters: ({"Action":["AssumeRoleWithWebIdentity"],"Version":["2011-06-15"],"RoleArn":["arn:aws:iam::accountId:role/roleName"],"RoleSessionName":["loginUserId"]}

其中resourcePath是null,不知道为什么?

我正在使用aws-java-sdk 1.11

    <dependency>
        <groupId>com.amazonaws</groupId>
        <artifactId>aws-java-sdk</artifactId>
        <version>1.11.109</version>
        <scope>compile</scope>
    </dependency>

On terminal,请求我没有的个人资料。我只拥有aws帐户的用户名和密码。

$ aws sts assume-role --role-arn arn:aws:iam::someAccount:role/rolenNameForMe --role-session-name "RoleSession1" > assume-role-output.txt
Unable to locate credentials. You can configure credentials by running "aws configure".

当我检查UI用户页面时,我有限制访问

User: arn:aws:sts::accountId:assumed-role/roleName/loginUserId is not authorized to perform: iam:ListUsers on resource: arn:aws:iam::accountId:user/

1 个答案:

答案 0 :(得分:3)

当您拨打AWS服务时,您必须提供凭据以确定您的身份。这在调用AssumeRole请求时也适用。 (毕竟,你不希望世界上任何人在未经您许可的情况下进行这些通话!)

如果您在具有关联的IAM角色的Amazon EC2实例上运行代码,则这些凭据将通过Instance Metadata Service自动传递给实例。调用AWS SDK将自动使用这些凭据。

如果未在具有关联角色的EC2实例上运行,则可以在配置文件中提供本地凭据。最简单的方法是运行aws configure并提供访问密钥和密钥(在创建IAM用户时从IAM获得)。请记住 - 您必须以IAM用户身份进行呼叫,因此请使用该用户的凭据。

您提到您拥有AWS账户的用户名和密码,因此:

  • 在管理控制台中转到IAM
  • 选择您的用户
  • 查看“安全凭据”选项卡
  • 点击创建访问密钥
  • 在致电aws configure
  • 时使用这些凭据