我正在实现AWS ClientManager,以获取保存在AWS中的秘密变量。我有如下的初始实现:
// Load the AWS SDK
var AWS = require('aws-sdk'),
region = "us-west-2",
secretName = "secretName",
accessKeyId = myAccessKey,
secretAccessKey = mySecretAccessKey,
secret,
decodedBinarySecret;
var client = new AWS.SecretsManager({
region: region,
});
client.getSecretValue({SecretId: secretName}, function(err, data) {
if (err) {
console.log("Error Happened");
console.log(err);
}
else {
if ('SecretString' in data) {
secret = data.SecretString;
} else {
let buff = new Buffer(data.SecretBinary, 'base64');
decodedBinarySecret = buff.toString('ascii');
}
}
});
启动服务器时,它将引发以下异常
{UnrecognizedClientException:请求中包含的安全令牌无效。 消息:“请求中包含的安全令牌无效。”, 代码:“ UnrecognizedClientException”, 时间:2019-07-01T12:16:00.021Z, requestId:'c7ed53c1-fb70-4012-aa9f-5a9a3195a043', statusCode:400, 可重试:错误, retryDelay:40.923844792180674}
答案 0 :(得分:2)
您需要为该aws添加端点,以提取使用aws configure定义的令牌访问。创建表时添加以下代码联接:
--endpoint-url http://localhost:8000 //localhost in my case because I'm runing locally, but you can put there you domain or port server
AWS.config.update({
region: "us-west-2",
endpoint: "http://localhost:8000",
accessKeyId: "your access id",
secretAccessKey: "your acccess key"
});
答案 1 :(得分:0)
“请求中包含的安全令牌无效”错误几乎总是表示您的凭据有问题。 accessKeyId或secretAccessKey(或两者)错误。
在代码中使用凭证之前,您可以尝试使用STS get caller identity调用使用AWS cli来验证凭证。