[英]Error while token management process in lambda (Java runtime) “Unable to load credentials from service endpoint: com.amazonaws.SdkClientException”
有关我的用例的信息-
S3中的文件上传事件(AWS账户B中存在)触发lambda函数(AWS账户A中存在),lambda函数将S3事件作为输入,并且必须从S3下载文件。 Lambda配置有附加了策略的IAM角色。 策略有权访问S3(在AWS账户B中存在)。
为了使lambda与S3进行交互,lambda服务器必须设置aws令牌(它本身使用IAM角色来完成),然后承担角色来设置令牌配置文件以便与S3进行交互而不会导致访问被拒绝。 为此,我在lambda函数中编写了AWSTokenManager(下面共享的类代码),该函数在执行时会引发此错误-
Unable to load credentials from service endpoint: com.amazonaws.SdkClientException
com.amazonaws.SdkClientException: Unable to load credentials from service endpoint
at com.amazonaws.auth.EC2CredentialsFetcher.handleError(EC2CredentialsFetcher.java:183)
at com.amazonaws.auth.EC2CredentialsFetcher.fetchCredentials(EC2CredentialsFetcher.java:162)
at com.amazonaws.auth.EC2CredentialsFetcher.getCredentials(EC2CredentialsFetcher.java:82)
at com.amazonaws.auth.InstanceProfileCredentialsProvider.getCredentials(InstanceProfileCredentialsProvider.java:164)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1166)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:762)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:724)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1271)
at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1247)
at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:454)
at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:431)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:242)
at sun.net.www.http.HttpClient.New(HttpClient.java:339)
at sun.net.www.http.HttpClient.New(HttpClient.java:357)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1220)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1199)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:984)
at com.amazonaws.internal.ConnectionUtils.connectToEndpoint(ConnectionUtils.java:54)
at com.amazonaws.internal.EC2CredentialsUtils.readResource(EC2CredentialsUtils.java:116)
at com.amazonaws.internal.EC2CredentialsUtils.readResource(EC2CredentialsUtils.java:87)
at com.amazonaws.auth.InstanceProfileCredentialsProvider$InstanceMetadataCredentialsEndpointProvider.getCredentialsEndpoint(InstanceProfileCredentialsProvider.java:189)
at com.amazonaws.auth.EC2CredentialsFetcher.fetchCredentials(EC2CredentialsFetcher.java:122)
这是AWSTokenManager类代码-包com.packagename;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
public class AWSTokenManager {
public void awsTokenManager() {
System.out.println("Inside awsTokenManager method");
basicSessionCredentials();
}
BasicSessionCredentials basicSessionCredentials() {
System.out.println("Call reached inside basicSessionCredentials method");
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(InstanceProfileCredentialsProvider.getInstance()).build();
AssumeRoleRequest roleRequest = new AssumeRoleRequest()
.withRoleArn("arn:aws:iam::111:role/iamrolenamehere").withRoleSessionName("role_profilename");
return gets3Credentials(stsClient, roleRequest);
}
public static BasicSessionCredentials gets3Credentials(AWSSecurityTokenService stsClient, AssumeRoleRequest roleRequest) {
Credentials s3Credentials = stsClient.assumeRole(roleRequest).getCredentials();
BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
s3Credentials.getAccessKeyId(), s3Credentials.getSecretAccessKey(),
s3Credentials.getSessionToken());
return basicSessionCredentials;
}
}
另请注意,lambda配置中的no_proxy和NO_PROXY环境变量具有169.254.169.254 。 我这样做的原因是为了避免在连接到AWS服务时出现代理问题,根据我的理解,该服务在上述给定的ip上运行。
通过将awstokenManager方法更新为-,我能够通过错误
public void awsTokenManager() {
System.out.println("Inside awsTokenManager method");
STSAssumeRoleSessionCredentialsProvider stsAssumeRoleSessionCredentialsProvider = new STSAssumeRoleSessionCredentialsProvider.Builder(iAM_ROLE_ARN_TO_ASSUME, "us-east-1b")
.withStsClient(AWSSecurityTokenServiceClientBuilder.standard().build())
.withRoleSessionDurationSeconds(900)
.build();
System.out.println("SessionCredentials awsaccesskeyid is - " + stsAssumeRoleSessionCredentialsProvider.getCredentials().getAWSAccessKeyId());
System.out.println("SessionCredentials awsaccesskeyid is - " + stsAssumeRoleSessionCredentialsProvider.getCredentials().getAWSSecretKey());
System.out.println("SessionCredentials awsaccesskeyid is - " + stsAssumeRoleSessionCredentialsProvider.getCredentials().getSessionToken());
}
运行应用程序时出错 - “|WARN|无法检索令牌 com.amazonaws.SdkClientException:无法连接到服务端点:”
[英]Error when running application - "|WARN|Fail to retrieve token com.amazonaws.SdkClientException: Failed to connect to service endpoint:"
将 aws.java.sdk.version 从 1.11.510 升级到 1.11.825,现在出现错误 - com.
[英]Upgraded aws.java.sdk.version from 1.11.510 to 1.11.825 , now getting error - com.amazonaws.SdkClientException: Failed to connect to service endpoint
SQS Java 客户端异常 - com.amazonaws.SdkClientException:无法执行 HTTP 请求:权限被拒绝:连接
[英]SQS Java client exception - com.amazonaws.SdkClientException: Unable to execute HTTP request: Permission denied: connect
com.amazonaws.SdkClientException:无法执行 HTTP 请求:getSessionToken 中的 sts.amazonaws.com
[英]com.amazonaws.SdkClientException : Unable to execute HTTP request: sts.amazonaws.com in GetSessionToken
获取 aws com.amazonaws.SdkClientException 的 PKIX 路径构建失败
[英]Getting PKIX path build failure for aws com.amazonaws.SdkClientException
为什么会出现这个错误? 连接到 sts.amazonaws.com:443 [sts.amazonaws.com/54.239.29.25] 失败:连接超时:com.amazonaws.SdkClientException
[英]Why this error? Connect to sts.amazonaws.com:443 [sts.amazonaws.com/54.239.29.25] failed: connect timed out: com.amazonaws.SdkClientException
com.amazonaws.SdkClientException:读取的数据长度与预期的长度不同
[英]com.amazonaws.SdkClientException: Data read has a different length than the expected
无法找到或加载主类 com.amazonaws.services.lambda.runtime.api.client.AWSLambda
[英]Could not find or load main class com.amazonaws.services.lambda.runtime.api.client.AWSLambda
AWS java sdk 1.10.2 中不存在包 com.amazonaws.services.lambda.runtime
[英]package com.amazonaws.services.lambda.runtime does not exist in AWS java sdk 1.10.2
无法将 com.amazonaws.services.lambda.runtime.Context 注入 Micronaut 无服务器 function“AWS Lambda”
[英]Not able to inject com.amazonaws.services.lambda.runtime.Context into Micronaut serverless function "AWS Lambda"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.