
AWS IAM with FIPS -- Credential should be scoped to a valid region

I am trying to connect to the FIPS endpoint for IAM. Below is the test code I am using.


    AwsClientBuilder.EndpointConfiguration endPointConfiguration =
            new AwsClientBuilder.EndpointConfiguration("iam-fips.amazonaws.com", Regions.US_WEST_2.getName());
    if (credentialsProvider.getCredentials() != null) {
        AmazonIdentityManagement client  =  AmazonIdentityManagementClientBuilder.standard()
                .withCredentials(credentialsProvider)
                .withEndpointConfiguration(endPointConfiguration)
                .build();
        GetUserRequest getUserRequest = new GetUserRequest();
        getUserRequest.setUserName("john@abc.com");
        System.out.println(client.getUser(getUserRequest));
    }

When I try to fetch the user details for the user john@abc.com, it throws the following exception.

com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException: Credential should be scoped to a valid region. (Service: AmazonIdentityManagement; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: 617d-4213-a1ec-26aaf9145f8a; Proxy: null)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1879)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1418)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1387)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1157)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:814)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:781)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:755)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:715)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:697)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:561)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:541)
    at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.doInvoke(AmazonIdentityManagementClient.java:12948)

But for the IAM FIPS endpoint, there is no region available in the documentation: https://aws.amazon.com/compliance/fips/

Am I missing something?

I found the solution: in this case, we should use us-east-1 as the region for IAM API calls.
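Why the region string matters, as an added example that is not part of the original post or the AWS SDK: Signature Version 4 puts the signing region into both the credential scope and the derived signing key, so a request to `iam-fips.amazonaws.com` signed for `us-west-2` carries a different scope and signature than one signed for `us-east-1`. The credentials and timestamp are constructed placeholders, and the `SIGNING_REGION` table and all function names are assumptions of this example.

```python
import hashlib
import hmac

SERVICE = "iam"
# Expected signing region per IAM host (us-east-1, per the answer above).
# This table is the example's own assumption, not an SDK structure.
SIGNING_REGION = {"iam.amazonaws.com": "us-east-1",
                  "iam-fips.amazonaws.com": "us-east-1"}

def credential_scope(date, region):
    return f"{date}/{region}/{SERVICE}/aws4_request"

def signing_key(secret, date, region):
    # SigV4 key derivation: the region is mixed into the key itself.
    key = ("AWS4" + secret).encode()
    for part in (date, region, SERVICE, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return key

def authorization(host, region, access_key, secret, amz_date, body):
    date, signed = amz_date[:8], "host;x-amz-date"
    headers = f"host:{host}\nx-amz-date:{amz_date}\n"
    payload_hash = hashlib.sha256(body.encode()).hexdigest()
    canonical = "\n".join(["POST", "/", "", headers, signed, payload_hash])
    scope = credential_scope(date, region)
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    sig = hmac.new(signing_key(secret, date, region), to_sign.encode(),
                   hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed}, Signature={sig}")

def scope_region(auth_header):
    scope = auth_header.split("Credential=")[1].split(",")[0]
    return scope.split("/")[2]  # access_key/date/region/service/aws4_request

def scope_matches_endpoint(auth_header, host):
    # Pre-flight check: compare the signed region with the host's signing region.
    return scope_region(auth_header) == SIGNING_REGION[host]

# Constructed sample input: placeholder credentials and a fixed timestamp.
HOST, AMZ_DATE = "iam-fips.amazonaws.com", "20240101T000000Z"
KEY_ID, SECRET = "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
BODY = "Action=GetUser&UserName=john%40abc.com&Version=2010-05-08"
AS_ASKED = authorization(HOST, "us-west-2", KEY_ID, SECRET, AMZ_DATE, BODY)
AS_FIXED = authorization(HOST, "us-east-1", KEY_ID, SECRET, AMZ_DATE, BODY)

for hdr in (AS_ASKED, AS_FIXED):
    print(scope_region(hdr), scope_matches_endpoint(hdr, HOST))
```

In the Java snippet from the question, the second argument of `AwsClientBuilder.EndpointConfiguration` is the signing region that ends up in this scope.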
