无法从环境变量(AWS_ACCESS_KEY_ID(或 AWS_ACCESS_KEY)和 AWS_SECRET_KEY(或 AWS_SECRET_ACCESS_KEY))加载 AWS 凭证
[英]Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY))
问题描述
I have to make an application with Spring Boot, which accesses S3.
我必须使用 Spring Boot 创建一个应用程序,它访问 S3。 They don't want the accessKey and secretKEy to be present anywhere in the code.他们不希望 accessKey 和 secretKEy 出现在代码中的任何地方。 For this they gave me an arn role but I don't know how to connect without the accessKey and secretKey.为此,他们给了我一个 arn 角色,但我不知道如何在没有 accessKey 和 secretKey 的情况下进行连接。
Since they did not want these two parameters in the code, I decided to try putting it in my environment variables (I don't know if this will work for them).由于他们不想在代码中使用这两个参数,我决定尝试将其放入我的环境变量中(我不知道这是否对他们有用)。 The problem comes when still having my environment variables:当仍然有我的环境变量时,问题就来了:
(These variables have the correct value only I can't show them) (这些变量只有我不能显示的正确值)
And then in my Spring Boot app I have the following constructor:然后在我的 Spring Boot 应用程序中,我有以下构造函数:
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(new EnvironmentVariableCredentialsProvider())
.build();
But with all this, it returns the following error:但是尽管如此,它还是返回以下错误:
Caused by: com.amazonaws.SdkClientException: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY))
at com.amazonaws.auth.EnvironmentVariableCredentialsProvider.getCredentials(EnvironmentVariableCredentialsProvider.java:50)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1213)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:789)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:739)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:732)
....
My intention was to then do this with the role:我的意图是用角色来做到这一点:
AssumeRoleRequest assumeRequest = new
AssumeRoleRequest().withRoleArn(roleArn).withDurationSeconds(3600)
.withRoleSessionName(sessionName);
AssumeRoleResult roleResponse = stsClient.assumeRole(assumeRequest);
Credentials sessionCredentials = roleResponse.getCredentials();
BasicSessionCredentials awsCredentials = new BasicSessionCredentials(
sessionCredentials.getAccessKeyId(),
sessionCredentials.getSecretAccessKey(),
sessionCredentials.getSessionToken());
1 个解决方案
解决方案1
0 2021-01-05 14:22:26
You can assume the role by using STSAssumeRoleSessionCredentialsProvider.您可以使用 STSAssumeRoleSessionCredentialsProvider 代入该角色。 The below method uses assume role if provided.如果提供,以下方法使用承担角色。 If not it will use the credentials from Env varaibales.如果不是,它将使用来自 Env varaibales 的凭据。
@Value("${cloud.aws.assumeRole}")
private String assumeRoleARN;
@Bean
@Primary
public AWSCredentialsProvider awsCredentialsProvider() {
if (StringUtils.isNotEmpty(assumeRoleARN)) {
log.info("Assuming role {}",assumeRoleARN);
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(new ProfileCredentialsProvider("<<profile_name>>"))
.withRegion(US_EAST_1)
.build();
return new STSAssumeRoleSessionCredentialsProvider
.Builder(assumeRoleARN, "LocalAssumeRoleSession")
.withStsClient(stsClient)
.build();
}
return DefaultAWSCredentialsProviderChain.getInstance();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.