创建一个Java应用程序并部署在EC2实例中,将EC2实例配置文件角色关联到实例
当通过AWS Java SDK V2和V1调用AWS API时,得到以下错误
KmsClient client = KmsClient.builder().region(amazonSessionMapper.getRegion()).build();
无法从系统设置加载凭据。访问密钥必须通过环境变量(AWS_Access_key_ID(或系统属性(AWS.accessKeyId(指定。
是否有与权限/设置相关的内容
注意:我不想在应用程序中使用Access Key和Secret Key,我想使用STS 扮演角色
FINEST|1432182/0|Service controller|22-01-20 13:49:37|software.amazon.awssdk.core.exception.SdkClientException:
Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID)
or system property (aws.accessKeyId). FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:98) ~[software.amazon.awssdk-sdk-core-2.16.84.jar:?]
FINEST|1432182/0|Service controller|22-01-20 13:49:37| at software.amazon.awssdk.auth.credentials.internal.SystemSettingsCredentialsProvider.
resolveCredentials(SystemSettingsCredentialsProvider.java:58) ~[software.amazon.awssdk-auth-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:91)
~[software.amazon.awssdk-auth-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45)
~[software.amazon.awssdk-auth-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:104)
~[software.amazon.awssdk-auth-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.awscore.client.handler.AwsClientHandlerUtils.createExecutionContext(AwsClientHandlerUtils.java:79)
~[software.amazon.awssdk-aws-core-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.createExecutionContext(AwsSyncClientHandler.java:68)
~[software.amazon.awssdk-aws-core-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:99)
~[software.amazon.awssdk-sdk-core-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:169)
[software.amazon.awssdk-sdk-core-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:95)
[software.amazon.awssdk-sdk-core-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
[software.amazon.awssdk-sdk-core-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:55)
[software.amazon.awssdk-aws-core-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.services.kms.DefaultKmsClient.listAliases(DefaultKmsClient.java:4466)
[software.amazon.awssdk-kms-2.16.84.jar:?] FINEST|1432182/0|Service controller|22-01-20 13:49:37|
at software.amazon.awssdk.services.kms.KmsClient.listAliases(KmsClient.java:7885) [software.amazon.awssdk-kms-2.16.84.jar:?]ases(KmsClient.java:7885) [software.amazon.awssdk-kms-2.16.84.jar:?]
您需要创建一个凭证提供者并在您的客户端中使用:
AWSCredentialsProvider credentialsProvider = new DefaultAWSCredentialsProviderChain();
然后,您将能够将此提供程序与.withCredentials
方法一起使用:
AWSKMS kmsClient = AWSKMSClientBuilder.standard()
.withCredentials(credentialsProvider)
.withRegion("us-east-1")
.build();