Here is the code snippet:
String strIndexRole = "arn:aws:iam::<my acct no>:role/Kendra-CloudwatchRole";
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(new DefaultAWSCredentialsProviderChain())
.withEndpointConfiguration(new EndpointConfiguration("console.aws.amazon.com/kendra/home?region=us-east-1", "us-east-1"))
.build();
AssumeRoleRequest roleRequest = new AssumeRoleRequest()
.withRoleArn(strIndexRole).withDurationSeconds(7200);
AssumeRoleResult roleResponse = stsClient.assumeRole(roleRequest);
Here is the exception:
15:38:30.301 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://console.aws.amazon.com:443][total available: 1; route allocated: 1 of 50; total allocated: 1 of 50]
Exception in thread "main" com.amazonaws.SdkClientException: Unable to unmarshall response (ParseError at [row,col]:[19,24] Message: The reference to entity "state" must end with the ';' delimiter.). Response Code: 200, Response Text: OK
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleResponse(AmazonHttpClient.java:1750)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleSuccessResponse(AmazonHttpClient.java:1446)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1368)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1719)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1686)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1675)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:589)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:561)
    at com.aws.kendra.try.SampleKendraTrial.main(SampleKendraTrial.java:73)
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[19,24] Message: The reference to entity "state" must end with the ';' delimiter.
    at com.sun.org.apache.xerces.internal.impl.XMLStreamReaderImpl.next(XMLStreamReaderImpl.java:604)
    at com.sun.xml.internal.stream.XMLEventReaderImpl.peek(XMLEventReaderImpl.java:276)
    at com.amazonaws.transform.StaxUnmarshallerContext.nextEvent(StaxUnmarshallerContext.java:220)
    at com.amazonaws.services.securitytoken.model.transform.AssumeRoleResultStaxUnmarshaller.unmarshall
    at com.amazonaws.services.securitytoken.model.transform.AssumeRoleResultStaxUnmarshaller.unmarshall
    at com.amazonaws.http.StaxResponseHandler.handle(StaxResponseHandler.java:106)
    at com.amazonaws.http.StaxResponseHandler.handle(StaxResponseHandler.java:42)
    at com.amazonaws.http.response.AwsResponseHandlerAdapter.handle(AwsResponseHandlerAdapter.java:69)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleResponse(AmazonHttpClient.java:1726)
    ... 16 more
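I think part of the problem you are running into is the way you have configured AWSSecurityTokenService. The following line from the exception stack trace posted above also points to this.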
at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:561)
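For how to assume an IAM role in Java, obtain temporary credentials, and call an AWS service (here S3 is the AWS service called with the temporary credentials), see this. You can use the same concept to call the Kendra API. From the example above, you can see how to construct BasicSessionCredentials and use it to build a KendraClient (similar to the way AmazonS3ClientBuilder is used to build the AmazonS3 client in the example above). Once you have built the KendraClient, you can refer to this example to query your Kendra index.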
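
The flow described in the answer, as an added example using the AWS SDK for Java v1 (not code from the original answer or the pages it links to). The stack trace shows the AssumeRole call going to console.aws.amazon.com:443 and a 200 OK body that fails XML parsing, so the example lets the SDK resolve the STS API endpoint from the region instead. The session name, index id placeholder and query text are assumptions, and AWSkendraClientBuilder is the v1 SDK's Kendra builder, used here in place of the KendraClient named in the answer.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.kendra.AWSkendra;
import com.amazonaws.services.kendra.AWSkendraClientBuilder;
import com.amazonaws.services.kendra.model.QueryRequest;
import com.amazonaws.services.kendra.model.QueryResult;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;

public class KendraAssumeRoleExample {
    public static void main(String[] args) {
        String region = "us-east-1";
        String roleArn = "arn:aws:iam::<my acct no>:role/Kendra-CloudwatchRole"; // as in the question
        String indexId = "<your-index-id>"; // placeholder, not from the page

        // No endpoint override: the SDK resolves the STS API endpoint from the region.
        // The console URL serves web pages, which the STS XML unmarshaller cannot parse.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new DefaultAWSCredentialsProviderChain())
                .withRegion(region)
                .build();

        // RoleSessionName is a required AssumeRole parameter and appears in CloudTrail.
        // 3600 s fits the default maximum session duration of a role; a longer value
        // is rejected unless the role's maximum session duration has been raised.
        Credentials temp = sts.assumeRole(new AssumeRoleRequest()
                .withRoleArn(roleArn)
                .withRoleSessionName("kendra-query-session") // assumed name
                .withDurationSeconds(3600)).getCredentials();

        // Temporary credentials always carry a session token alongside the key pair.
        BasicSessionCredentials session = new BasicSessionCredentials(
                temp.getAccessKeyId(), temp.getSecretAccessKey(), temp.getSessionToken());

        AWSkendra kendra = AWSkendraClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(session))
                .withRegion(region)
                .build();

        QueryResult result = kendra.query(new QueryRequest()
                .withIndexId(indexId)
                .withQueryText("sample query")); // assumed query text
        // Print only non-secret values; never log the key, secret or token.
        System.out.println("Results: " + result.getTotalNumberOfResults()
                + ", credentials expire at " + temp.getExpiration());
    }
}
```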