AWS IAM with FIPS -- Credential should be scoped to a valid region
I am trying to connect to the FIPS endpoint for IAM. Below is the test code I am using.
AwsClientBuilder.EndpointConfiguration endPointConfiguration =
        new AwsClientBuilder.EndpointConfiguration("iam-fips.amazonaws.com", Regions.US_WEST_2.getName());
if (credentialsProvider.getCredentials() != null) {
    AmazonIdentityManagement client = AmazonIdentityManagementClientBuilder.standard()
            .withCredentials(credentialsProvider)
            .withEndpointConfiguration(endPointConfiguration)
            .build();
    GetUserRequest getUserRequest = new GetUserRequest();
    getUserRequest.setUserName("john@abc.com");
    System.out.println(client.getUser(getUserRequest));
}
When I try to get the user details for the user john@abc.com, it throws the following exception.
com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException: Credential should be scoped to a valid region. (Service: AmazonIdentityManagement; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: 617d-4213-a1ec-26aaf9145f8a; Proxy: null)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1879)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1418)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1387)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1157)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:814)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:781)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:755)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:715)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:697)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:561)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:541)
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.doInvoke(AmazonIdentityManagementClient.java:12948)
But for the IAM FIPS endpoint, the documentation lists no available region: https://aws.amazon.com/compliance/fips/
Am I missing something?
I found the solution: in this case, we should use us-east-1 as the region for IAM API calls.
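Why the region matters here, as an added example that is not part of the original question or answer: SigV4 mixes the region into both the credential scope and the derived signing key, so a request to iam-fips.amazonaws.com signed for us-west-2 cannot match what IAM expects for us-east-1. The secret, timestamp, simplified canonical request and the `service_accepts` check are constructed for illustration; `service_accepts` only models the receiving side.

```python
import hashlib
import hmac

IAM_SIGNING_REGION = "us-east-1"  # signing region for IAM in the aws partition


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    # SigV4 key derivation: the region is one link in the HMAC chain.
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sign(secret: str, amz_date: str, region: str, service: str, canonical_request: str):
    """Return (credential_scope, hex_signature) for a request."""
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    hashed = hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, hashed])
    key = signing_key(secret, date, region, service)
    return scope, hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def service_accepts(secret, amz_date, scope, signature, canonical_request) -> bool:
    """Illustrative model of the receiving side, not AWS's implementation."""
    _date, region, service, _term = scope.split("/")
    if region != IAM_SIGNING_REGION:
        return False  # "Credential should be scoped to a valid region"
    _, expected = sign(secret, amz_date, IAM_SIGNING_REGION, service, canonical_request)
    return hmac.compare_digest(expected, signature)


# Constructed sample values (not real credentials or a full canonical request).
SECRET = "EXAMPLE-SECRET-NOT-REAL"
AMZ_DATE = "20240101T000000Z"
REQUEST = "POST\n/\n\nhost:iam-fips.amazonaws.com\n\nhost\n<payload-hash>"

if __name__ == "__main__":
    for region in ("us-west-2", "us-east-1"):
        scope, sig = sign(SECRET, AMZ_DATE, region, "iam", REQUEST)
        print(region, scope, service_accepts(SECRET, AMZ_DATE, scope, sig, REQUEST))
```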