来自AWS Client的错误“请求中包含的安全令牌无效”
[英]error “security token included in the request is invalid” from AWS Client
问题描述
Hi I'm using Kinesis as my data buffer, and I got this error below, indicating that my access key is invalid. 
嗨,我使用Kinesis作为数据缓冲区,并在下面收到此错误,表明我的访问密钥无效。 I tried to google around, and other posting answers suggest to change the access key to be the right one. 我尝试在Google周围搜索,其他发布答案建议将访问密钥更改为正确的密钥。
But my case is somehow special, this error comes at run-time, which means the access key is correct when my application started but after running for some time the access key is invalid all of a sudden. 但是我的情况有点特殊, 该错误在运行时出现,这意味着在我的应用程序启动时访问密钥是正确的,但是运行一段时间后,访问密钥突然变得无效。
I suspect "AmazonCloudWatch" and "AmazonDynamoDBv2" service client library is causing the problem? 我怀疑“ AmazonCloudWatch”和“ AmazonDynamoDBv2”服务客户端库是引起此问题的原因吗? Or my way to create "AmazonKinesisClient" is not correct? 还是我创建“ AmazonKinesisClient”的方法不正确?
I'm not authorized to post thread under these two service on AWS forum, so I post it here. 我无权在这两个服务下在AWS论坛上发布线程,因此我将其发布在这里。 Thank you very much. 非常感谢你。
Scala code to initiate AmazonKinesisClient: Scala代码启动AmazonKinesisClient:
val awsCredentialsProvider = new DefaultAWSCredentialsProviderChain()
val kinesisClient = new AmazonKinesisClient(awsCredentialsProvider)
error msg: 错误消息:
15/10/21 17:05:48 INFO CWPublisherRunnable: Successfully published 20 datums.
15/10/21 17:05:49 INFO CWPublisherRunnable: Successfully published 3 datums.
15/10/21 17:05:59 INFO CWPublisherRunnable: Successfully published 18 datums.
15/10/21 17:06:00 INFO BlockManager: Removing RDD 115350
15/10/21 17:06:00 INFO BlockManager: Removing RDD 115349
15/10/21 17:06:00 INFO BlockManager: Removing RDD 115348
15/10/21 17:06:00 INFO MemoryStore: ensureFreeSpace(3016) called with curMem=40094, maxMem=186832650
15/10/21 17:06:00 INFO MemoryStore: Block input-0-1445447160600 stored as values in memory (estimated size 2.9 KB, free 178.1 MB)
15/10/21 17:06:00 INFO BlockGenerator: Pushed block input-0-1445447160600
15/10/21 17:06:05 INFO MemoryStore: ensureFreeSpace(2792) called with curMem=43110, maxMem=186832650
15/10/21 17:06:05 INFO MemoryStore: Block input-0-1445447165600 stored as values in memory (estimated size 2.7 KB, free 178.1 MB)
15/10/21 17:06:05 INFO BlockGenerator: Pushed block input-0-1445447165600
15/10/21 17:06:09 INFO CWPublisherRunnable: Successfully published 20 datums.
15/10/21 17:06:09 INFO CWPublisherRunnable: Successfully published 5 datums.
15/10/21 17:06:12 INFO Worker: Current stream shard assignments: shardId-000000000001, shardId-000000000000
15/10/21 17:06:12 INFO Worker: Sleeping ...
15/10/21 17:06:18 INFO BlockManager: Removing RDD 115354
15/10/21 17:06:18 INFO BlockManager: Removing RDD 115353
15/10/21 17:06:18 INFO BlockManager: Removing RDD 115352
15/10/21 17:06:19 INFO CWPublisherRunnable: Successfully published 18 datums.
15/10/21 17:06:21 INFO MemoryStore: ensureFreeSpace(2536) called with curMem=45902, maxMem=186832650
15/10/21 17:06:21 INFO MemoryStore: Block input-0-1445447181600 stored as values in memory (estimated size 2.5 KB, free 178.1 MB)
15/10/21 17:06:21 INFO BlockGenerator: Pushed block input-0-1445447181600
15/10/21 17:06:29 INFO CWPublisherRunnable: Successfully published 20 datums.
15/10/21 17:06:30 WARN CWPublisherRunnable: Could not publish 5 datums to CloudWatch
com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonCloudWatch; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 12560958-7816-11e5-8781-e3e348826d8f)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:886)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:484)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:256)
at com.amazonaws.services.cloudwatch.AmazonCloudWatchClient.invoke(AmazonCloudWatchClient.java:883)
at com.amazonaws.services.cloudwatch.AmazonCloudWatchClient.putMetricData(AmazonCloudWatchClient.java:354)
at com.amazonaws.services.kinesis.metrics.impl.DefaultCWMetricsPublisher.publishMetrics(DefaultCWMetricsPublisher.java:63)
at com.amazonaws.services.kinesis.metrics.impl.CWPublisherRunnable.runOnce(CWPublisherRunnable.java:129)
at com.amazonaws.services.kinesis.metrics.impl.CWPublisherRunnable.run(CWPublisherRunnable.java:75)
at java.lang.Thread.run(Thread.java:744)
15/10/21 17:06:31 ERROR LeaseCoordinator: LeasingException encountered in lease renewing thread
com.amazonaws.services.kinesis.leases.exceptions.DependencyException: com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: P76PVB575SQUA5QPDTD4BSDDTJVV4KQNSO5AEMVJF66Q9ASUAAJG)
at com.amazonaws.services.kinesis.leases.impl.LeaseManager.convertAndRethrowExceptions(LeaseManager.java:557)
at com.amazonaws.services.kinesis.leases.impl.LeaseManager.renewLease(LeaseManager.java:371)
at com.amazonaws.services.kinesis.leases.impl.LeaseRenewer.renewLease(LeaseRenewer.java:102)
at com.amazonaws.services.kinesis.leases.impl.LeaseRenewer.renewLeases(LeaseRenewer.java:83)
at com.amazonaws.services.kinesis.leases.impl.LeaseCoordinator.runRenewer(LeaseCoordinator.java:194)
at com.amazonaws.services.kinesis.leases.impl.LeaseCoordinator$RenewerRunnable.run(LeaseCoordinator.java:130)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: P76PVB575SQUA5QPDTD4BSDDTJVV4KQNSO5AEMVJF66Q9ASUAAJG)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:886)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:484)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:256)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(AmazonDynamoDBClient.java:2908)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.updateItem(AmazonDynamoDBClient.java:1256)
at com.amazonaws.services.kinesis.leases.impl.LeaseManager.renewLease(LeaseManager.java:362)
... 11 more
1 个解决方案
解决方案1
1 2016-08-19 09:23:19
This happens because credentials are rotated and sometimes you try to access kinesis with credentials that are just expired. 发生这种情况是因为凭证被轮换使用,有时您尝试使用刚刚过期的凭证来访问运动。
The solution suggested by Amazon is to refresh the credentials 5 minutes before the expiration. Amazon建议的解决方案是在到期前5分钟刷新凭证。 More details here https://aws.amazon.com/premiumsupport/knowledge-center/security-token-expired/ 此处有更多详细信息https://aws.amazon.com/premiumsupport/knowledge-center/security-token-expired/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.