How to connect to DynamoDB using WebIdentityTokenFileCredentialsProvider



I have an access key, secret key, region and DynamoDB endpoint, with which I can connect to the database, and I keep that configuration in the application.properties file. The requirement now is to not keep the access key and secret key in application.properties and to follow the web identity token flow from AWS STS instead. I have removed the access key and secret from application.properties and have the following configuration. When I start the application I get the following message:

Consider defining a bean of type 'com.amazonaws.services.dynamodbv2.AmazonDynamoDB' in your configuration.

// V1 SDK (com.amazonaws.*) mapper classes
import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapperConfig;
import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapperConfig.DefaultTableNameResolver;
import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapperConfig.TableNameOverride;
import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBTypeConverterFactory;
import org.socialsignin.spring.data.dynamodb.repository.config.EnableDynamoDBRepositories;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
// V2 SDK (software.amazon.awssdk.*) client and credentials classes
import software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;

@Configuration
@EnableDynamoDBRepositories(dynamoDBMapperConfigRef = "dynamoDBMapperConfig", basePackages = "com.xyz.repository")
public class DynamoDBConfiguration {

    @Value("${aws.dynamodb.endpoint}")
    private String endpoint;

    @Value("${aws.region}")
    private String region;

    @Value("${aws.dynamodb.table.name}")
    private String tableName;

    @Bean
    public DynamoDBMapperConfig dynamoDBMapperConfig(TableNameOverride tableNameOverrider) {
        DynamoDBMapperConfig.Builder builder = new DynamoDBMapperConfig.Builder();
        builder.withTypeConverterFactory(DynamoDBTypeConverterFactory.standard());
        builder.withTableNameResolver(DefaultTableNameResolver.INSTANCE);
        // use the injected TableNameOverride bean rather than calling the @Bean method again
        builder.withTableNameOverride(tableNameOverrider);
        return builder.build();
    }

    @Bean
    public TableNameOverride tableNameOverrider() {
        return TableNameOverride.withTableNamePrefix(tableName);
    }

    // V2 client; the V1-based repository support looks for a com.amazonaws AmazonDynamoDB bean instead
    @Bean
    public DynamoDbClient amazonDynamoDB() {
        return DynamoDbClient.builder()
                .region(Region.of(region))
                .credentialsProvider(WebIdentityTokenFileCredentialsProvider.create())
                .build();
    }
}

In pom.xml I have the following AWS-related dependencies.

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>software.amazon.awssdk</groupId>
            <artifactId>bom</artifactId>
            <version>2.15.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

<dependency>
    <groupId>io.github.boostchicken</groupId>
    <artifactId>spring-data-dynamodb</artifactId>
    <version>5.2.5</version>
</dependency>
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>dynamodb</artifactId>
</dependency>
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>sts</artifactId>
</dependency>

There are more problems in your Java code than the creds. The bigger problem is that you are mixing V1 and V2.

The Java DynamoDB V1 API is:

com.amazonaws.services.dynamodbv2.*

The Java DynamoDB V2 API is:

software.amazon.awssdk.services.dynamodb.*

Now, your POM file references the V2 API:

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>software.amazon.awssdk</groupId>
            <artifactId>bom</artifactId>
            <version>2.15.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

You should not mix V1 and V2. You are using V2 for the service client and V1 for the DynamoDBMapperConfig object. That is not good practice, and it will not work.

Get rid of the V1 API and replace it with the V2 API only. It looks like you want the DynamoDBMapper functionality. In V2 that is now part of the Enhanced Client.

Using the DynamoDB Enhanced Client in the AWS SDK for Java 2.x

To see an AWS tutorial that shows you how to build a Spring Boot application with the AWS SDK for Java V2 (including the Enhanced Client), see:

Creating the Amazon DynamoDB web application item tracker

In that tutorial, EnvironmentVariableCredentialsProvider is used to handle the AWS key values.
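An all-V2 version of the configuration from the question, in the spirit of the answer above. This is an added example, not the poster's code, the answer author's code, or code from the linked AWS tutorial. It assumes the property names from the question (aws.region, aws.dynamodb.endpoint, aws.dynamodb.table.name), a hypothetical ProjectItem bean and ProjectRepository class, and that software.amazon.awssdk:dynamodb-enhanced is added next to dynamodb and sts under the same 2.x BOM. The io.github.boostchicken:spring-data-dynamodb artifact is built on the V1 SDK and is what demands the com.amazonaws AmazonDynamoDB bean named in the error, so it and @EnableDynamoDBRepositories are dropped here.

```java
// Added example (not the original poster's or the answer's code): V2-only wiring with
// credentials sourced from the web identity token file, never from application.properties.
package com.xyz.config;

import java.net.URI;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Repository;

import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider;
import software.amazon.awssdk.enhanced.dynamodb.DynamoDbEnhancedClient;
import software.amazon.awssdk.enhanced.dynamodb.DynamoDbTable;
import software.amazon.awssdk.enhanced.dynamodb.Key;
import software.amazon.awssdk.enhanced.dynamodb.TableSchema;
import software.amazon.awssdk.enhanced.dynamodb.mapper.annotations.DynamoDbBean;
import software.amazon.awssdk.enhanced.dynamodb.mapper.annotations.DynamoDbPartitionKey;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
import software.amazon.awssdk.services.dynamodb.DynamoDbClientBuilder;

@Configuration
public class DynamoDbV2Configuration {

    @Value("${aws.region}")
    private String region;

    // Optional: only set for a local or alternate endpoint; leave empty when running in AWS.
    @Value("${aws.dynamodb.endpoint:}")
    private String endpoint;

    @Value("${aws.dynamodb.table.name}")
    private String tableName;

    // No keys in properties. create() reads AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_ARN
    // (optionally AWS_ROLE_SESSION_NAME) from the environment, as injected by EKS IAM Roles
    // for Service Accounts, and exchanges the token through STS AssumeRoleWithWebIdentity.
    // The software.amazon.awssdk:sts module must be on the runtime classpath.
    @Bean
    public AwsCredentialsProvider credentialsProvider() {
        return WebIdentityTokenFileCredentialsProvider.create();
    }

    @Bean
    public DynamoDbClient dynamoDbClient(AwsCredentialsProvider credentialsProvider) {
        DynamoDbClientBuilder builder = DynamoDbClient.builder()
                .region(Region.of(region))
                .credentialsProvider(credentialsProvider);
        if (endpoint != null && !endpoint.isEmpty()) {
            builder.endpointOverride(URI.create(endpoint));
        }
        return builder.build();
    }

    // V2 replacement for DynamoDBMapper / DynamoDBMapperConfig.
    @Bean
    public DynamoDbEnhancedClient enhancedClient(DynamoDbClient client) {
        return DynamoDbEnhancedClient.builder().dynamoDbClient(client).build();
    }

    // The configured table name replaces the V1 TableNameOverride prefix.
    @Bean
    public DynamoDbTable<ProjectItem> projectTable(DynamoDbEnhancedClient enhanced) {
        return enhanced.table(tableName, TableSchema.fromBean(ProjectItem.class));
    }

    // Hypothetical item type; TableSchema.fromBean needs a public no-arg bean with getters/setters.
    @DynamoDbBean
    public static class ProjectItem {
        private String id;
        private String name;

        @DynamoDbPartitionKey
        public String getId() { return id; }
        public void setId(String id) { this.id = id; }

        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }
}

// Hypothetical repository standing in for the spring-data-dynamodb repository.
@Repository
class ProjectRepository {
    private final DynamoDbTable<DynamoDbV2Configuration.ProjectItem> table;

    ProjectRepository(DynamoDbTable<DynamoDbV2Configuration.ProjectItem> table) {
        this.table = table;
    }

    public void save(DynamoDbV2Configuration.ProjectItem item) {
        table.putItem(item);
    }

    public DynamoDbV2Configuration.ProjectItem findById(String id) {
        return table.getItem(Key.builder().partitionValue(id).build());
    }
}
```

Pinning the provider explicitly, instead of relying on DefaultCredentialsProvider, fails closed: if the token file or role ARN is missing the first DynamoDB call errors out rather than silently falling back to ~/.aws/credentials or an instance profile. In pom.xml, replace io.github.boostchicken:spring-data-dynamodb with software.amazon.awssdk:dynamodb-enhanced (versioned by the BOM already present) and keep the sts dependency.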
