我有~/.aws/凭据和配置文件,我的代码低于
clientConfiguration.setProxyHost("MYPROXY");
clientConfiguration.setProxyPort(port);
clientConfiguration.setProxyUsername("username");
clientConfiguration.setProxyPassword("pw");
clientConfiguration.setPreemptiveBasicProxyAuth(false);
AmazonDynamoDBClient client = new AmazonDynamoDBClient(new ProfileCredentialsProvider("MY_PROFILE"),clientConfiguration);
//client.withRegion(Regions.US_EAST_1);
DynamoDBMapper mapper = new DynamoDBMapper(client);
// Get a book - Id=101
GetBook(mapper, 101);
我每次都低于正常水平。我可以在~/.aws/credentials 中的凭据文件中看到会话令牌
Error running the DynamoDBMapperQueryScanExample: com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)
com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)
AWS SDK 1.11.24 java凭据文件
[TES1_AWS_STSdigital_Dev_Developer]
aws_access_key_id = XXXXX
aws_secret_access_key = AAAAA
aws_security_token = BBBBBBBB
token_expiration = 2016-08-08T16:34:48Z
[TEST2_AWS_TEST_Dev_ReadOnly]
aws_access_key_id = MMMMMM
aws_secret_access_key = NNNNNN
aws_security_token = OOOOOOO
token_expiration = 2016-08-08T16:34:48Z
[TEST3_AWS_STSdigital_Prod_ProdSupport]
aws_access_key_id = KKKKKKK
aws_secret_access_key = LLLLLLLLL
aws_security_token =FFFFFFFF
token_expiration = 2016-08-08T16:34:48Z
[TEST4_AWS_STSdigital_Prod_Monitoring]
aws_access_key_id = WWWWWW
aws_secret_access_key = SSSSSSSS
aws_security_token = VVVVVVVVV
token_expiration = 2016-08-08T16:34:48Z
~/.aws/config 中的配置文件
[DEFAULT]
scope = urn:amazon:webservices
[saml_provider]
url = https://myprivatesssaccess
default_region = us-east-1
[profile TEST1_AWS_STSdigital_Dev_Developer]
saml_role = arn:aws:iam::44444444:role/TEST1_AWS_STSdigital_Dev_Developer
region = us-east-1
[profile TEST2_AWS_TEST_Dev_ReadOnly]
saml_role = arn:aws:iam::3333333:role/TEST2_AWS_TEST_Dev_ReadOnly
region = us-east-1
[profile TEST3_STSdigital_Prod_ProdSupport]
saml_role = arn:aws:iam::222222:role/TEST3_AWS_STSdigital_Prod_ProdSupport
region = us-east-1
[profile TEST4_AWS_STSdigital_Prod_Monitoring]
saml_role = arn:aws:iam::1111111:role/TEST4_AWS_STSdigital_Prod_Monitoring
region = us-east-1
当我将区域设置为RegionEndpoint.APEast1而不是RegionEndpoint.USEast1时,我收到了此错误。
我的错误是,我接受了在IntelliSense中看到的第一个East1字符串。
从简单的事情开始。你检查过文件的权限了吗?至少从Linux他们需要600或用户读/写,组和世界没有访问权限。
您是否检查了AWS方面,以验证这些凭据是否与您尝试使用的帐户相关联?
你能运行一个使用凭据的简单命令吗?来自Amazon的CLI aws命令是一个完美的起点。
aws ec2 help
是好的第一次检查。然后尝试访问一些通常可用的信息,如现货EC2实例价格历史记录:
aws ec2 describe-spot-price-history --prod "Linux/UNIX" --start-time 2016-08-15
应该为您提供数千行输出。然后尝试访问您自己的一些帐户信息:
aws ec2 describe-instances
在这一点上,您知道一切都在CLI中工作。下一步是实现非常Java的连接,如果您在找到~/.aws/的同一主目录的同一台机器上运行它,那么现在应该可以工作了。
我每天都使用来自Java的DynamoDB访问。一旦你扫清了一些障碍,效果就很好。
我使用AWS Fed从终端通过联邦角色启用对AWS的临时访问,而不是通过AWS configure命令进行访问。我在使用boto3与DynamoDB交互时遇到了同样的错误,并通过在终端中将AWS Profile设置为saml来解决,如下所示
export AWS_PROFILE=saml
其他情况可能是,如果会话已过期,请再次尝试aws configure,然后重试。