[英]is there a way to validate the credentials for aws account using aws-sdk-go
I am creating the session using the API provided in the aws-sdk-go.我正在使用 aws-sdk-go 中提供的 API 创建 session。
Problem: If I provide the wrong credentials, then it will also create a session.问题:如果我提供了错误的凭据,那么它也会创建一个 session。 But when I make some other API call using this sesssion, it will raise an error.但是当我使用此会话进行其他一些 API 调用时,它会引发错误。
Is there any way we can validate the credentials before creating a session?在创建 session 之前,我们有什么方法可以验证凭据?
Session creation method: Session创建方法:
var MyCredentials = credentials.NewStaticCredentials(access_key_id, secret_access_key, "") var MyCredentials = credentials.NewStaticCredentials(access_key_id, secret_access_key, "")
var sess = session.Must(session.NewSession(&aws.Config{
Credentials: MyCredentials,
Region: aws.String(hostRegion),
MaxRetries: aws.Int(3),
}))
What do you mean by "wrong credentials"? “错误的凭据”是什么意思? If the credentials are bogus, every call fails.如果凭据是伪造的,则每次调用都会失败。 If you mean that you have different profiles, create the session using the profile you specify in ~/.aws/credentials.如果您的意思是您有不同的配置文件,请使用您在 ~/.aws/credentials 中指定的配置文件创建 session。 For example, if I have the following in ~/.aws/credentials:例如,如果我在 ~/.aws/credentials 中有以下内容:
[default]
aws_access_key_id = ...
aws_secret_access_key = ...
[goober]
aws_access_key_id = ...
aws_secret_access_key = ...
I can use my default credentials when I create a session by:当我通过以下方式创建 session 时,我可以使用我的默认凭据:
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
But if I want to use my goober profile (from https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ ):但是,如果我想使用我的 goober 配置文件(来自https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ ):
sess, err:= session.NewSessionWithOptions(session.Options{ Profile: "goober", }) sess, err:= session.NewSessionWithOptions(session.Options{ Profile: "goober", })
When you create a session, the API does not talk to the server/service.当您创建 session 时,API 不会与服务器/服务通信。 All it knows is that you have some values like the ones I showed.它所知道的就是你有一些像我展示的那样的价值观。 Perhaps the easiest way to confirm is use the S3 HeadBucket command on a bucket that you know exists as it's about the lowest overhead call I know.也许最简单的确认方法是在您知道存在的存储桶上使用 S3 HeadBucket 命令,因为它是我所知道的最低开销调用。
HTH,高温下,
doug道格
To validate credentials you must call an AWS API.要验证凭证,您必须调用 AWS API。 But you can check if a set of credentials were supplied to the application like below但是您可以检查是否向应用程序提供了一组凭据,如下所示
// MustHaveCredentials looks for aws credentials using default credential provider chain as
// documented here https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials.html
func MustHaveCredentials() {
_, err := defaults.CredChain(defaults.Get().Config, defaults.Get().Handlers).Get()
if err != nil {
log.Fatalf("no AWS credentials provided! %v", err)
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.