当我在机器上拥有密钥、访问密钥和配置文件名时,我的代码正在工作,并在实例化AmazonSQSClient之前使用这些来设置身份验证(我在.NET凭据文件中注册了一个配置文件,如下所述(。
现在,我已经设置了我的堆栈,以便为我的实例分配一个IAM角色,该角色在相关队列上具有正确的权限。从教程中我不清楚我应该如何创建AmazonSQSClient,因为我的服务(理论上(凭借机器的IAM角色拥有所需的权限,所以我尝试了很多方法,但现在我只是使用无参数构造函数。
不过,我对ReceiveMessageAsync()的呼叫失败了。疯狂的长堆栈跟踪摘录:
Exception details:
Message: The security token included in the request is invalid.
Stack trace: at Amazon.Runtime.Internal.HttpErrorResponseExceptionHandler.HandleException(IExecutionContext executionContext, HttpErrorResponseException exception)
at Amazon.Runtime.Internal.ExceptionHandler`1.Handle(IExecutionContext executionContext, Exception exception)
at Amazon.Runtime.Internal.ErrorHandler.ProcessException(IExecutionContext executionContext, Exception exception)
at Amazon.Runtime.Internal.ErrorHandler.<InvokeAsync>d__5`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
[...]
Message: The remote server returned an error: (403) Forbidden.
Stack trace: at Amazon.Runtime.Internal.HttpRequest.<GetResponseAsync>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
我是不是错过了什么?当IAM角色设置正确时,此代码不应该工作吗?
尝试使用InstanceProfileCredentialProvider SDK方法来启动您的SQS客户端。由于您已通过IAM授予权限,因此sdk应通过IAM获取访问详细信息。为此,您必须使用InstanceProfileCredentialsProvider,如下所示,
AmazonSQS sqs = AmazonSQSClientBuilder
.standard()
.withCredentials(new InstanceProfileCredentialsProvider(true))
.build();