如何處理SNS的AWS安全問題

Question

我正嘗試使用Spring Cloud向AWS發佈SNS消息。但我是新手，無法理解安全設置。 我在AWS中創建了一個用戶。我給了他一個「AmazonSNSRole」角色。 我有代碼：

import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.cloud.aws.messaging.core.NotificationMessagingTemplate; 
import org.springframework.http.HttpStatus; 
import org.springframework.web.bind.annotation.*; 

@RestController     
@RequestMapping("/sns")   
public class SnsSenderController {  

    private static final Logger theLogger = LoggerFactory.getLogger(SnsSenderController.class); 
    private final NotificationMessagingTemplate notificationMessagingTemplate; 

    @Autowired 
    public SnsSenderController(NotificationMessagingTemplate notificationMessagingTemplate) { 
     this.notificationMessagingTemplate = notificationMessagingTemplate; 
    } 

    @RequestMapping(value = "/send", method = RequestMethod.POST) 
    @ResponseStatus(HttpStatus.OK) 
    public void sendNotification(@RequestBody SnsNotification notification) { 
     theLogger.debug("Going to send notification {}", notification); 

     this.notificationMessagingTemplate.sendNotification("SnsTopic", notification.getMessage(), notification.getSubject()); 
    } 

} 

我有beans.xml中，我把鑰匙放在我的AMS用戶：

<?xml version="1.0" encoding="UTF-8"?> 

<beans xmlns="http://www.springframework.org/schema/beans" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:aws-context="http://www.springframework.org/schema/cloud/aws/context" 
     xmlns:aws-messaging="http://www.springframework.org/schema/cloud/aws/messaging" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
          http://www.springframework.org/schema/beans/spring-beans.xsd 
          http://www.springframework.org/schema/cloud/aws/context 
          http://www.springframework.org/schema/cloud/aws/context/spring-cloud-aws-context-1.0.xsd 
          http://www.springframework.org/schema/cloud/aws/messaging 
          http://www.springframework.org/schema/cloud/aws/messaging/spring-cloud-aws-messaging-1.0.xsd"> 

     <!-- Define global credentials for all the AWS clients --> 
     <aws-context:context-credentials> 
       <aws-context:instance-profile-credentials/> 
       <aws-context:simple-credentials access-key="accessKeyForMyUser" 
               secret-key="secretKeyForMyUser"/> 
     </aws-context:context-credentials> 

     <!-- Messaging--> 
     <aws-messaging:notification-messaging-template id="notificationMessagingTemplate" /> 

</beans> 

但是，當我試圖發送SNS我看到錯誤：

02:08:36.445 [http-nio-8080-exec-4] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonSNS; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 65c99dfe-daf2-5f50-a408-d0013c568f48)] with root cause 
com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonSNS; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 65c99dfe-daf2-5f50-a408-d0013c568f48) 

爲什麼這麼說？請，有人可以解釋我如何處理它？像我這樣的新手真的很難。先謝謝你！

Answer 1

您需要提供實例配置文件憑據或用戶憑據。 由於您使用的是用戶憑證，因此從Spring xml bean中刪除實例配置文件憑據