我的会话令牌在应用程序部署到ECS集群后约6小时后过期。
我正在使用最新的AWS sdk 2.X,我需要假设一个配置文件来获得运行某些服务的正确权限。
这是我初始化AwsCredentialsProvider的代码片段:
private fun generateCredentialsProviderAssumingRole(): ProfileCredentialsProvider {
val containerCredentials = get("http://169.254.170.2${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}").jsonObject
val credentials: ProfileCredentialsProvider = ProfileCredentialsProvider.builder().profileFile {
it.type(ProfileFile.Type.CREDENTIALS)
.content(ByteArrayInputStream("""
[container-role]
aws_access_key_id = ${containerCredentials["AccessKeyId"]}
aws_secret_access_key = ${containerCredentials["SecretAccessKey"]}
aws_session_token = ${containerCredentials["Token"]}
aws_security_token = ${containerCredentials["Token"]}
x_principal_arn = ${containerCredentials["RoleArn"]}
x_security_token_expires = ${containerCredentials["Expiration"]}
[external-role-to-assume]
role_arn = $consumerRole
source_profile = container-role
""".trimIndent().toByteArray()))
}.profileName("external-role-to-assume").build()
return credentials
}
我可以看到在as sdk 1.X we had the refresh method中强制刷新这些令牌。我在sdk的版本2中找不到对应的版本。
这是例外:
java.util.concurrent.ExecutionException: software.amazon.awssdk.services.sts.model.StsException: The security token included in the request is expired (Service: Sts, Status Code: 403, Request ID: ****)
我在做什么错了?