1. 首頁
  2. 問答
  3. aws-java-sdk獲取非aws環境的臨時憑證

aws-java-sdk獲取非aws環境的臨時憑證

2017-04-24 172 views
0

我有權使用用戶名爲logingUserId的aws帳戶。我想在CI服務器上創建訪問配置文件,以便我可以使用AWS工具(如kinesis,dynamodb等)測試我的應用程序。我編寫了一個生成訪問密鑰,密鑰和會話令牌的方法(使用AssumeRoleRequest)。它似乎沒有工作。aws-java-sdk獲取非aws環境的臨時憑證

it("provides temporary access to AWS") { 
    val assumeRoleRequest = new AssumeRoleRequest 

    assumeRoleRequest.setRoleArn("arn:aws:iam::" + accountId + ":role/" + roleName) 
    assumeRoleRequest.setRoleSessionName("test-session") 
    assumeRoleRequest.setExternalId(loginUserId) 

    val tokenService = new AWSSecurityTokenServiceClient() // 
    tokenService.setEndpoint("sts-endpoint.amazonaws.com") 
    tokenService.assumeRole(assumeRoleRequest) 

    val tokenRequestEvent = new GetSessionTokenRequest() 
    tokenRequestEvent.setDurationSeconds(7200) // optional 

    val tokenResponseEvent = 
     tokenService.getSessionToken(tokenRequestEvent) 

    val creds = tokenResponseEvent.getCredentials 

    println(creds.getAccessKeyId) //write to ~/.aws/credentials 
    println(creds.getSecretAccessKey) //write to ~/.aws/credentials 
    println(creds.getSessionToken) //write to ~/.aws/credentials 
    println(creds.getExpiration) 
    }

錯誤 - 無法從任何提供者加載在鏈

/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/bin/java -Didea.launcher.port=7541 "-Didea.launcher.bin.path=/Applications/IntelliJ IDEA.app/Contents/bin" -Dfile.encoding=UTF-8 -classpath "/Users/as18/Library/Application Support/IntelliJIdea2016.2/Scala/lib/scala-plugin-runners.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/deploy.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/cldrdata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/dnsns.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/jaccess.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/jfxrt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/localedata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/nashorn.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/sunec.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/sunjce_provider.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/sunpkcs11.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/ext/zipfs.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/javaws.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/jfxswt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/management-agent.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/plugin.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/ant-javafx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/dt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/javafx-mx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/jconsole.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/packager.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/sa-jdi.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/lib/tools.jar:/Users/as18/possibilities/programming/s2/whats-in-stream-v2/target/test-classes:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk/1.11.109/aws-java-sdk-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-pinpoint/1.11.109/aws-java-sdk-pinpoint-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/jmespath-java/1.11.109/jmespath-java-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-xray/1.11.109/aws-java-sdk-xray-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-opsworkscm/1.11.109/aws-java-sdk-opsworkscm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-support/1.11.109/aws-java-sdk-support-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-simpledb/1.11.109/aws-java-sdk-simpledb-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-servicecatalog/1.11.109/aws-java-sdk-servicecatalog-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-servermigration/1.11.109/aws-java-sdk-servermigration-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-simpleworkflow/1.11.109/aws-java-sdk-simpleworkflow-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-storagegateway/1.11.109/aws-java-sdk-storagegateway-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-route53/1.11.109/aws-java-sdk-route53-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-s3/1.11.109/aws-java-sdk-s3-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-importexport/1.11.109/aws-java-sdk-importexport-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-sts/1.11.109/aws-java-sdk-sts-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-sqs/1.11.109/aws-java-sdk-sqs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-rds/1.11.109/aws-java-sdk-rds-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-redshift/1.11.109/aws-java-sdk-redshift-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticbeanstalk/1.11.109/aws-java-sdk-elasticbeanstalk-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-glacier/1.11.109/aws-java-sdk-glacier-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-iam/1.11.109/aws-java-sdk-iam-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-datapipeline/1.11.109/aws-java-sdk-datapipeline-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticloadbalancing/1.11.109/aws-java-sdk-elasticloadbalancing-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticloadbalancingv2/1.11.109/aws-java-sdk-elasticloadbalancingv2-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-emr/1.11.109/aws-java-sdk-emr-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticache/1.11.109/aws-java-sdk-elasticache-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elastictranscoder/1.11.109/aws-java-sdk-elastictranscoder-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ec2/1.11.109/aws-java-sdk-ec2-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-dynamodb/1.11.109/aws-java-sdk-dynamodb-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-sns/1.11.109/aws-java-sdk-sns-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-budgets/1.11.109/aws-java-sdk-budgets-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudtrail/1.11.109/aws-java-sdk-cloudtrail-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudwatch/1.11.109/aws-java-sdk-cloudwatch-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-logs/1.11.109/aws-java-sdk-logs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-events/1.11.109/aws-java-sdk-events-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cognitoidentity/1.11.109/aws-java-sdk-cognitoidentity-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cognitosync/1.11.109/aws-java-sdk-cognitosync-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-directconnect/1.11.109/aws-java-sdk-directconnect-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudformation/1.11.109/aws-java-sdk-cloudformation-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudfront/1.11.109/aws-java-sdk-cloudfront-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-clouddirectory/1.11.109/aws-java-sdk-clouddirectory-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-kinesis/1.11.109/aws-java-sdk-kinesis-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-opsworks/1.11.109/aws-java-sdk-opsworks-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ses/1.11.109/aws-java-sdk-ses-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-autoscaling/1.11.109/aws-java-sdk-autoscaling-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudsearch/1.11.109/aws-java-sdk-cloudsearch-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudwatchmetrics/1.11.109/aws-java-sdk-cloudwatchmetrics-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-codedeploy/1.11.109/aws-java-sdk-codedeploy-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-codepipeline/1.11.109/aws-java-sdk-codepipeline-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-kms/1.11.109/aws-java-sdk-kms-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-config/1.11.109/aws-java-sdk-config-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-lambda/1.11.109/aws-java-sdk-lambda-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ecs/1.11.109/aws-java-sdk-ecs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ecr/1.11.109/aws-java-sdk-ecr-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cloudhsm/1.11.109/aws-java-sdk-cloudhsm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-ssm/1.11.109/aws-java-sdk-ssm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-workspaces/1.11.109/aws-java-sdk-workspaces-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-machinelearning/1.11.109/aws-java-sdk-machinelearning-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-directory/1.11.109/aws-java-sdk-directory-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-efs/1.11.109/aws-java-sdk-efs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-codecommit/1.11.109/aws-java-sdk-codecommit-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-devicefarm/1.11.109/aws-java-sdk-devicefarm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-elasticsearch/1.11.109/aws-java-sdk-elasticsearch-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-waf/1.11.109/aws-java-sdk-waf-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-marketplacecommerceanalytics/1.11.109/aws-java-sdk-marketplacecommerceanalytics-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-inspector/1.11.109/aws-java-sdk-inspector-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-iot/1.11.109/aws-java-sdk-iot-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-api-gateway/1.11.109/aws-java-sdk-api-gateway-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-acm/1.11.109/aws-java-sdk-acm-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-gamelift/1.11.109/aws-java-sdk-gamelift-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-dms/1.11.109/aws-java-sdk-dms-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-marketplacemeteringservice/1.11.109/aws-java-sdk-marketplacemeteringservice-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-cognitoidp/1.11.109/aws-java-sdk-cognitoidp-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-discovery/1.11.109/aws-java-sdk-discovery-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-applicationautoscaling/1.11.109/aws-java-sdk-applicationautoscaling-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-snowball/1.11.109/aws-java-sdk-snowball-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-rekognition/1.11.109/aws-java-sdk-rekognition-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-polly/1.11.109/aws-java-sdk-polly-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-lightsail/1.11.109/aws-java-sdk-lightsail-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-stepfunctions/1.11.109/aws-java-sdk-stepfunctions-1.11.109.jar:/Users/as18/.m2/repository/com/jayway/jsonpath/json-path/2.2.0/json-path-2.2.0.jar:/Users/as18/.m2/repository/org/slf4j/slf4j-api/1.7.16/slf4j-api-1.7.16.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-health/1.11.109/aws-java-sdk-health-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-costandusagereport/1.11.109/aws-java-sdk-costandusagereport-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-codebuild/1.11.109/aws-java-sdk-codebuild-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-appstream/1.11.109/aws-java-sdk-appstream-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-shield/1.11.109/aws-java-sdk-shield-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-batch/1.11.109/aws-java-sdk-batch-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-lex/1.11.109/aws-java-sdk-lex-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-mechanicalturkrequester/1.11.109/aws-java-sdk-mechanicalturkrequester-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-organizations/1.11.109/aws-java-sdk-organizations-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-workdocs/1.11.109/aws-java-sdk-workdocs-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-core/1.11.109/aws-java-sdk-core-1.11.109.jar:/Users/as18/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar:/Users/as18/.m2/repository/org/apache/httpcomponents/httpclient/4.5.2/httpclient-4.5.2.jar:/Users/as18/.m2/repository/org/apache/httpcomponents/httpcore/4.4.4/httpcore-4.4.4.jar:/Users/as18/.m2/repository/commons-codec/commons-codec/1.9/commons-codec-1.9.jar:/Users/as18/.m2/repository/software/amazon/ion/ion-java/1.0.2/ion-java-1.0.2.jar:/Users/as18/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.6.6/jackson-databind-2.6.6.jar:/Users/as18/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.6.0/jackson-annotations-2.6.0.jar:/Users/as18/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.6.6/jackson-core-2.6.6.jar:/Users/as18/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.6.6/jackson-dataformat-cbor-2.6.6.jar:/Users/as18/.m2/repository/joda-time/joda-time/2.8.1/joda-time-2.8.1.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-models/1.11.109/aws-java-sdk-models-1.11.109.jar:/Users/as18/.m2/repository/com/amazonaws/aws-java-sdk-swf-libraries/1.11.22/aws-java-sdk-swf-libraries-1.11.22.jar:/Users/as18/.m2/repository/org/scalatest/scalatest_2.11/3.0.1/scalatest_2.11-3.0.1.jar:/Users/as18/.m2/repository/org/scala-lang/scala-library/2.11.8/scala-library-2.11.8.jar:/Users/as18/.m2/repository/org/scalactic/scalactic_2.11/3.0.1/scalactic_2.11-3.0.1.jar:/Users/as18/.m2/repository/org/scala-lang/scala-reflect/2.11.8/scala-reflect-2.11.8.jar:/Users/as18/.m2/repository/org/scala-lang/modules/scala-xml_2.11/1.0.5/scala-xml_2.11-1.0.5.jar:/Users/as18/.m2/repository/org/scala-lang/modules/scala-parser-combinators_2.11/1.0.4/scala-parser-combinators_2.11-1.0.4.jar:/usr/local/scala-2.11.8/lib/scala-actors-2.11.0.jar:/usr/local/scala-2.11.8/lib/scala-actors-migration_2.11-1.1.0.jar:/usr/local/scala-2.11.8/lib/scala-library.jar:/usr/local/scala-2.11.8/lib/scala-parser-combinators_2.11-1.0.4.jar:/usr/local/scala-2.11.8/lib/scala-reflect.jar:/usr/local/scala-2.11.8/lib/scala-swing_2.11-1.0.2.jar:/usr/local/scala-2.11.8/lib/scala-xml_2.11-1.0.4.jar:/Applications/IntelliJ IDEA.app/Contents/lib/idea_rt.jar" com.intellij.rt.execution.application.AppMain org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestRunner -s creds.Test -testName "provides temporary access to AWS" -showProgressMessages true -C org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestReporter 
Testing started at 3:20 AM ... 

Unable to load AWS credentials from any provider in the chain 
com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain 
    at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:131) 
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1119) 
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:759) 
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:723) 
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716) 
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) 
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) 
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649) 
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513) 
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1271) 
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1247) 
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:454) 
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:431) 
    at creds.Test$$anonfun$1.apply$mcV$sp(Test.scala:24) 
    at creds.Test$$anonfun$1.apply(Test.scala:15) 
    at creds.Test$$anonfun$1.apply(Test.scala:15) 
    at org.scalatest.OutcomeOf$class.outcomeOf(OutcomeOf.scala:85) 
    at org.scalatest.OutcomeOf$.outcomeOf(OutcomeOf.scala:104) 
    at org.scalatest.Transformer.apply(Transformer.scala:22) 
    at org.scalatest.Transformer.apply(Transformer.scala:20) 
    at org.scalatest.FunSpecLike$$anon$1.apply(FunSpecLike.scala:454) 
    at org.scalatest.TestSuite$class.withFixture(TestSuite.scala:196) 
    at org.scalatest.FunSpec.withFixture(FunSpec.scala:1630) 
    at org.scalatest.FunSpecLike$class.invokeWithFixture$1(FunSpecLike.scala:451) 
    at org.scalatest.FunSpecLike$$anonfun$runTest$1.apply(FunSpecLike.scala:464) 
    at org.scalatest.FunSpecLike$$anonfun$runTest$1.apply(FunSpecLike.scala:464) 
    at org.scalatest.SuperEngine.runTestImpl(Engine.scala:289) 
    at org.scalatest.FunSpecLike$class.runTest(FunSpecLike.scala:464) 
    at org.scalatest.FunSpec.runTest(FunSpec.scala:1630) 
    at org.scalatest.FunSpecLike$$anonfun$runTests$1.apply(FunSpecLike.scala:497) 
    at org.scalatest.FunSpecLike$$anonfun$runTests$1.apply(FunSpecLike.scala:497) 
    at org.scalatest.SuperEngine$$anonfun$traverseSubNodes$1$1.apply(Engine.scala:396) 
    at org.scalatest.SuperEngine$$anonfun$traverseSubNodes$1$1.apply(Engine.scala:384) 
    at scala.collection.immutable.List.foreach(List.scala:381) 
    at org.scalatest.SuperEngine.traverseSubNodes$1(Engine.scala:384) 
    at org.scalatest.SuperEngine.org$scalatest$SuperEngine$$runTestsInBranch(Engine.scala:379) 
    at org.scalatest.SuperEngine.runTestsImpl(Engine.scala:461) 
    at org.scalatest.FunSpecLike$class.runTests(FunSpecLike.scala:497) 
    at org.scalatest.FunSpec.runTests(FunSpec.scala:1630) 
    at org.scalatest.Suite$class.run(Suite.scala:1147) 
    at org.scalatest.FunSpec.org$scalatest$FunSpecLike$$super$run(FunSpec.scala:1630) 
    at org.scalatest.FunSpecLike$$anonfun$run$1.apply(FunSpecLike.scala:501) 
    at org.scalatest.FunSpecLike$$anonfun$run$1.apply(FunSpecLike.scala:501) 
    at org.scalatest.SuperEngine.runImpl(Engine.scala:521) 
    at org.scalatest.FunSpecLike$class.run(FunSpecLike.scala:501) 
    at org.scalatest.FunSpec.run(FunSpec.scala:1630) 
    at org.scalatest.tools.SuiteRunner.run(SuiteRunner.scala:45) 
    at org.scalatest.tools.Runner$$anonfun$doRunRunRunDaDoRunRun$1.apply(Runner.scala:1340) 
    at org.scalatest.tools.Runner$$anonfun$doRunRunRunDaDoRunRun$1.apply(Runner.scala:1334) 
    at scala.collection.immutable.List.foreach(List.scala:381) 
    at org.scalatest.tools.Runner$.doRunRunRunDaDoRunRun(Runner.scala:1334) 
    at org.scalatest.tools.Runner$$anonfun$runOptionallyWithPassFailReporter$2.apply(Runner.scala:1011) 
    at org.scalatest.tools.Runner$$anonfun$runOptionallyWithPassFailReporter$2.apply(Runner.scala:1010) 
    at org.scalatest.tools.Runner$.withClassLoaderAndDispatchReporter(Runner.scala:1500) 
    at org.scalatest.tools.Runner$.runOptionallyWithPassFailReporter(Runner.scala:1010) 
    at org.scalatest.tools.Runner$.run(Runner.scala:850) 
    at org.scalatest.tools.Runner.run(Runner.scala) 
    at org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestRunner.runScalaTest2(ScalaTestRunner.java:138) 
    at org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestRunner.main(ScalaTestRunner.java:28) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:498) 
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)

使用AssumeRoleWithWebIdentityRequest太試過了,這使得更多的意義比AssumeRoleRequest AWS憑據。但是拋出相同的無法加載creds錯誤。

it("provides temporary access to AWS") { 
    val identityRequest = new AssumeRoleWithWebIdentityRequest() 
    identityRequest.setRoleArn("arn:aws:iam::" + accountId + ":role/" + roleName) 
    //identityRequest.setWebIdentityToken(loginUserId) //I dont know what is it 
    identityRequest.setRoleSessionName(loginUserId) 

    val tokenService = new AWSSecurityTokenServiceClient() 
    tokenService.setEndpoint("sts-endpoint.amazonaws.com") 
    val creds = tokenService.assumeRoleWithWebIdentity(identityRequest).getCredentials 

    println(creds.getAccessKeyId) 
    println(creds.getSecretAccessKey) 
    println(creds.getSessionToken) 
    println(creds.getExpiration) 
    }

其發送的請求是

POST null/Parameters: ({"Action":["AssumeRoleWithWebIdentity"],"Version":["2011-06-15"],"RoleArn":["arn:aws:iam::accountId:role/roleName"],"RoleSessionName":["loginUserId"]}

其中resourcePath是null,不知道爲什麼?

我使用aws-java-sdk 1.11

<dependency> 
     <groupId>com.amazonaws</groupId> 
     <artifactId>aws-java-sdk</artifactId> 
     <version>1.11.109</version> 
     <scope>compile</scope> 
    </dependency>

On terminal,詢問我沒有個人資料。我擁有的是用戶名和密碼aws帳戶。

$ aws sts assume-role --role-arn arn:aws:iam::someAccount:role/rolenNameForMe --role-session-name "RoleSession1" > assume-role-output.txt 
Unable to locate credentials. You can configure credentials by running "aws configure".

當我檢查的UI用戶頁面上,我有限制

User: arn:aws:sts::accountId:assumed-role/roleName/loginUserId is not authorized to perform: iam:ListUsers on resource: arn:aws:iam::accountId:user/

來源

2017-04-24 prayagupd

回答

3

當您對一個AWS服務的調用,您必須提供憑證,以確定你是誰。這也適用於撥打AssumeRole請求的電話。 (畢竟,如果沒有您的許可,您不希望世界上的任何人能夠撥打這些電話)

如果您在具有關聯的IAM角色的Amazon EC2實例上運行代碼,那麼這些憑據將是通過實例元數據服務自動傳遞給實例。致電AWS SDK將自動使用這些憑據。

如果您沒有在具有關聯角色的EC2實例上運行,則可以在配置文件中提供本地憑據。最簡單的方法是運行aws configure並提供訪問密鑰和密鑰(當創建IAM用戶時從IAM獲得)。請記住 - 您必須以IAM用戶身份撥打電話,所以請使用該用戶的憑據。

你提到你有一個AWS帳戶的用戶名和密碼,所以:

  • 轉到IAM在管理控制檯
  • 選擇您的用戶
  • 查找在安全證書選項卡
  • 點擊創建訪問密鑰
  • 調用時使用這些憑據aws configure

來源

2017-04-24 11:48:23

+0

1)問題是針對非aws環境的2)我對aws的訪問權限有限,因爲我無法像創建用戶界面一樣創建訪問鍵。 3)這就是爲什麼我想知道是否有一種方法可以在非aws上使用我的'loginUserId'和'loginPassword'申請臨時信用? – prayagupd

+0

只有['AssumeRoleWithWebIdentity'](http:// docs.aws.amazon.com/ STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html')可以在沒有AWS憑證的情況下運行,因爲您必須首先通過外部ID提供程序進行身份驗證(例如Facebook ,谷歌),然後被允許承擔一個角色。 –

+0

這就是我想要使用,如果你看到這個問題。我的混淆是'IdentityToken'和'RoleSessionName'。我沒有使用任何外部提供者的身份驗證,所以不知道它的價值。對於'RoleSessionName',它說''通常,你傳遞與正在使用你的應用程序的用戶相關聯的名稱或標識符.'因此,我傳遞了我的loginUserName本身。 – prayagupd

相關問題

 相關問題