
DynamoDB The security token included in the request is invalid UnrecognizedClientException

I have ~/.aws/credentials and config files and my code is below

    // Proxy settings for outbound requests
    ClientConfiguration clientConfiguration = new ClientConfiguration();
    clientConfiguration.setProxyHost("MYPROXY");
    clientConfiguration.setProxyPort(port);
    clientConfiguration.setProxyUsername("username");
    clientConfiguration.setProxyPassword("pw");
    clientConfiguration.setPreemptiveBasicProxyAuth(false);

    // Credentials come from the named profile in ~/.aws/credentials
    AmazonDynamoDBClient client = new AmazonDynamoDBClient(new ProfileCredentialsProvider("MY_PROFILE"), clientConfiguration);

    //client.withRegion(Regions.US_EAST_1);
    DynamoDBMapper mapper = new DynamoDBMapper(client);

    // Get a book - Id=101
    GetBook(mapper, 101);

I am getting the below exception every time. I can see the session token in my credentials file in ~/.aws/credentials

Error running the DynamoDBMapperQueryScanExample: com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)
    com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)

AWS SDK 1.11.24 (Java)

Credentials file:

[TES1_AWS_STSdigital_Dev_Developer]
aws_access_key_id = XXXXX
aws_secret_access_key = AAAAA
aws_security_token = BBBBBBBB
token_expiration = 2016-08-08T16:34:48Z

[TEST2_AWS_TEST_Dev_ReadOnly]
aws_access_key_id = MMMMMM
aws_secret_access_key = NNNNNN
aws_security_token = OOOOOOO
token_expiration = 2016-08-08T16:34:48Z

[TEST3_AWS_STSdigital_Prod_ProdSupport]
aws_access_key_id = KKKKKKK
aws_secret_access_key = LLLLLLLLL
aws_security_token =FFFFFFFF
token_expiration = 2016-08-08T16:34:48Z

[TEST4_AWS_STSdigital_Prod_Monitoring]
aws_access_key_id = WWWWWW
aws_secret_access_key = SSSSSSSS
aws_security_token = VVVVVVVVV
token_expiration = 2016-08-08T16:34:48Z

config file in ~/.aws/config

[DEFAULT]
scope = urn:amazon:webservices

[saml_provider]
url = https://myprivatesssaccess
default_region = us-east-1

[profile TEST1_AWS_STSdigital_Dev_Developer]
saml_role = arn:aws:iam::44444444:role/TEST1_AWS_STSdigital_Dev_Developer
region = us-east-1

[profile TEST2_AWS_TEST_Dev_ReadOnly]
saml_role = arn:aws:iam::3333333:role/TEST2_AWS_TEST_Dev_ReadOnly
region = us-east-1

[profile TEST3_STSdigital_Prod_ProdSupport]
saml_role = arn:aws:iam::222222:role/TEST3_AWS_STSdigital_Prod_ProdSupport
region = us-east-1

[profile TEST4_AWS_STSdigital_Prod_Monitoring]
saml_role = arn:aws:iam::1111111:role/TEST4_AWS_STSdigital_Prod_Monitoring
region = us-east-1

Start with the simple things. Have you checked the permissions on the files? At least from Linux they need to be 600 or user read/write, group and world no access.

Have you checked the AWS side to verify that these credentials are associated with the account you are trying to use?

Can you run a simple command that uses the credentials? The CLI aws command from Amazon is a perfect place to start.

aws ec2 help

is a good first check. Then try to access some information that is generally available, like the spot EC2 instance price history:

aws ec2 describe-spot-price-history --prod "Linux/UNIX" --start-time 2016-08-15

should give you thousands of lines of output. Then try to access some of your own account info:

aws ec2 describe-instances

At this point, you know everything is working from the CLI. The next step is to verify Java connectivity, which should just work now if you run it from the same machine with the same home directory where ~/.aws/ is found.

I use DynamoDB access from Java every day. Once you clear a few hurdles it works great.

I received this error when I had my region set to RegionEndpoint.APEast1 instead of RegionEndpoint.USEast1. My error, I accepted the first "East1" string I saw in intellisense.

I'm using AWS-Fed to enable temporary access to AWS via a federated role from the terminal instead of accessing via aws configure command. I got the same error when using boto3 to interact with DynamoDB and was able to solve it by setting AWS Profile to saml in the terminal as below

export AWS_PROFILE=saml

Other cases could be if your session is expired; try to aws configure again and retry.
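
The checks suggested in the answers above (credentials file permissions of 600, a profile name that actually exists in the file, a session that has not expired), as an added Python example that is not part of the original posts. `check_credentials`, `write_sample` and the sample file are constructed for illustration, and `token_expiration` is assumed to be UTC in the format the question shows.

```python
import configparser
import os
import stat
import tempfile
from datetime import datetime, timezone

# Constructed sample in the shape of the question's credentials file (placeholder values).
SAMPLE = """\
[TEST2_AWS_TEST_Dev_ReadOnly]
aws_access_key_id = MMMMMM
aws_secret_access_key = NNNNNN
aws_security_token = OOOOOOO
token_expiration = 2016-08-08T16:34:48Z
"""

def check_credentials(path, profile=None, now=None):
    """Return a list of problems with `profile` in the credentials file at `path`."""
    profile = profile or os.environ.get("AWS_PROFILE", "default")
    now = now or datetime.now(timezone.utc)
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group or world permission bit is set
        problems.append(f"mode {mode:03o} is accessible beyond the owner; expected 600")
    parser = configparser.RawConfigParser()
    parser.read(path)
    if not parser.has_section(profile):
        problems.append(f"profile [{profile}] not in file; found {parser.sections()}")
        return problems
    section = parser[profile]
    for key in ("aws_access_key_id", "aws_secret_access_key"):
        if not section.get(key):
            problems.append(f"{key} is missing or empty")
    # Assumption: token_expiration is UTC, formatted as in the question.
    expiry = section.get("token_expiration")
    if expiry:
        when = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if when <= now:
            problems.append(f"session token expired at {expiry}")
    return problems

def write_sample(mode=0o600):
    """Write SAMPLE to a temporary file with the given permissions; return its path."""
    fd, path = tempfile.mkstemp(suffix=".credentials")
    with os.fdopen(fd, "w") as handle:
        handle.write(SAMPLE)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for problem in check_credentials(write_sample(0o644), "TEST2_AWS_TEST_Dev_ReadOnly"):
        print("PROBLEM:", problem)
```

When no profile is passed, the function falls back to the `AWS_PROFILE` environment variable, the same variable the last answer sets.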
