SQS ExpiredToken: The security token included in the request is expired. Status code:

I am trying to connect to AWS SQS after assuming a role, and I'm getting an expired security token error after an hour. How can I refresh the connection automatically?

import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.sqs.AmazonSQSAsync;
import com.amazonaws.services.sqs.AmazonSQSAsyncClientBuilder;
import org.springframework.cloud.aws.messaging.core.QueueMessagingTemplate; // Spring Cloud AWS 2.x
import org.springframework.context.annotation.Bean;

    @Bean
    public QueueMessagingTemplate queueMessagingTemplate() {
        return new QueueMessagingTemplate(amazonSQSAsync());
    }

    private AmazonSQSAsync amazonSQSAsync() {
        try {
            logger.info("Start amazonSQSAsync");
            AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                    .withCredentials(new DefaultAWSCredentialsProviderChain())
                    .withRegion(AWS_REGION)
                    .build();
            logger.info("stsClient created successfully");
            // AssumeRole is called exactly once; the returned session credentials last 3600 s
            AssumeRoleRequest roleRequest = new AssumeRoleRequest()
                    .withRoleArn(ROLE_ARN)
                    .withRoleSessionName(ROLE_SESSION_NAME)
                    .withDurationSeconds(3600);
            AssumeRoleResult assumeRoleResult = stsClient.assumeRole(roleRequest);
            logger.info("assumeRoleResult created successfully");
            // Static credentials: they are never refreshed, so the client fails once they expire
            BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
                    assumeRoleResult.getCredentials().getAccessKeyId(),
                    assumeRoleResult.getCredentials().getSecretAccessKey(),
                    assumeRoleResult.getCredentials().getSessionToken());
            logger.info("basicSessionCredentials created successfully");
            AmazonSQSAsync amazonSQSAsync = AmazonSQSAsyncClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials))
//                  .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(SQS_URL, "us-east-2"))
                    .withRegion(AWS_REGION)
                    .build();
            logger.info("amazonSQSAsync created successfully");
            return amazonSQSAsync;
        } catch (Exception e) {
            logger.error("Failed to create Amazon sqs client", e);
            throw e;
        }
    }

You can get automatically refreshing credentials from STSAssumeRoleSessionCredentialsProvider:

import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.sqs.AmazonSQS;
import com.amazonaws.services.sqs.AmazonSQSClientBuilder;

AWSSecurityTokenService stsClient =
    AWSSecurityTokenServiceClientBuilder.defaultClient();
// The provider re-assumes the role itself before the session credentials expire
STSAssumeRoleSessionCredentialsProvider assumedRoleCredentialsProvider =
    new STSAssumeRoleSessionCredentialsProvider.Builder(ROLE_ARN, SESSION_ID)
        .withStsClient(stsClient)
        .build();
AmazonSQS sqsClient =
    AmazonSQSClientBuilder.standard()
        .withCredentials(assumedRoleCredentialsProvider)
        .build();

Note that you cannot close the stsClient while the derived client is in use. As AWS recommends, create a single instance that lives for the lifetime of the program.
