[英]AWS Cognito Exception while uploading a file to s3
public static void main(String[] args) {
AmazonCognitoIdentity identityClient = new AmazonCognitoIdentityClient(new AnonymousAWSCredentials());
identityClient.setEndpoint("cognito-identity.us-east-1.amazonaws.com");
identityClient.setRegion(Region.getRegion(Regions.US_EAST_1));
GetIdRequest idRequest = new GetIdRequest();
idRequest.setAccountId("XXXXXXXXX");
idRequest.setIdentityPoolId("XXXXXXX");
GetIdResult idResp = identityClient.getId(idRequest);
String identityId = idResp.getIdentityId();
GetOpenIdTokenRequest tokenRequest = new GetOpenIdTokenRequest();
tokenRequest.setIdentityId(identityId);
GetOpenIdTokenResult tokenResp = identityClient.getOpenIdToken(tokenRequest);
String openIdToken = tokenResp.getToken();
AWSSecurityTokenService stsClient = new AWSSecurityTokenServiceClient(new AnonymousAWSCredentials());
AssumeRoleWithWebIdentityRequest stsReq = new AssumeRoleWithWebIdentityRequest();
stsReq.setRoleArn(
"arn:aws:cognito-identity:us-east-1:XXXXXX:identitypool/us-east-1:XXXXXXX");
stsReq.setWebIdentityToken(openIdToken);
stsReq.setRoleSessionName("AppTestSession");
AssumeRoleWithWebIdentityResult stsResp = stsClient.assumeRoleWithWebIdentity(stsReq);
Credentials stsCredentials = stsResp.getCredentials();
AWSSessionCredentials sessionCredentials = new BasicSessionCredentials(stsCredentials.getAccessKeyId(),
stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken());
Date sessionCredentialsExpiration = stsCredentials.getExpiration();
System.out.println("session credentials expiration -> " + sessionCredentialsExpiration);
String bucketName = "s3fileupload";
String keyName = "cognitokey";
String uploadFileName = "/home/fresher/Downloads/say-hello.jpg";
AmazonS3 s3client = new AmazonS3Client(sessionCredentials);
s3client.setEndpoint("s3fileupload.s3-website-us-west-2.amazonaws.com");
File file = new File(uploadFileName);
s3client.putObject(new PutObjectRequest(bucketName, keyName, file));
}
我收到一個例外,說“請求ARN無效”。 你能指導我一下嗎?
請求ARN無效(服務:AWSSecurityTokenService;狀態代碼:400;錯誤代碼:ValidationError;請求ID:XXXXXXXXXXXXXXXXXX)
在您的STS請求中,您傳遞的是Cognito Identity的ARN,而不是您要獲取憑據的角色Arn。
此處的值應為您在IAM中配置的角色的ARN。 它看起來像這樣:
阿爾恩:AWS:IAM :: 123456789012:角色/ ROLE_NAME
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.