我有一个kubernates pod,它试图使用aws java sdk来访问aws kms服务以解密密码,并且我具有附加到该pod的有效iam角色,但是请求失败并出现以下错误,
{
"message": "Service Unavailable: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)),
SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), com.amazonaws.auth.profile.ProfileCredentialsProvider@219aa2a6: profile file cannot be null,
com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@399fc8ea: Internal Server Error (Service: null; Status Code: 500; Error Code: null; Request ID: null)]"
}
下面是假定调用kms的代码部分
private final boolean kmsEnabled;
private final AWSKMS kmsClient;
public KmsKeyManager(@Value("${kms.enabled}") final boolean kmsEnabled,
@Value("${kms.endpoint}") final String kmwEndPoint,
@Value("${aws.region}") final String awsRegion) {
AwsClientBuilder.EndpointConfiguration endpointConfig = new AwsClientBuilder.EndpointConfiguration(kmwEndPoint, awsRegion);
kmsClient = AWSKMSClientBuilder.standard()
.withCredentials(new DefaultAWSCredentialsProviderChain())
.withEndpointConfiguration(endpointConfig)
.build();
this.kmsEnabled = kmsEnabled;
}
答案 0 :(得分:1)
您可能必须创建一个VPC终结点,因为EKS舱可能没有外部IP,因此将无法连接到KMS
答案 1 :(得分:0)