尝试使用使用DefaultCredentialProvider提供的凭据时,AWS lambda函数不起作用。
我需要将凭据传递给S3,它才能运行。
代码
def initializeAwsCredentials():AWSCredentials = {
var credentials: AWSCredentials = null
try {
credentials = new ProfileCredentialsProvider().getCredentials
} catch {
case e: Exception => {
throw new AmazonClientException(
"Cannot load the credentials from the credential profiles file. " +
"Please make sure that your credentials file is at the correct " +
"location (~/.aws/credentials), and is in valid format.",
e);
}
}
return credentials
}
def buildS3API(credentials: AWSCredentials): AmazonS3 = {
new AmazonS3Client(credentials)
}
// inside handle request
val credentials = initializeAwsCredentials()
println("Credetials have been retrieved successfully")
println("Build S3 API using the constructor provided")
val s3 = buildS3API(credentials)
s3.setRegion(region)
println("S3 API is now available")
错误
{
"errorMessage": "Cannot load the credentials from the credential profiles file. Please make sure that your credentials file is at the correct location (~/.aws/credentials), and is in valid format.",
"errorType": "com.amazonaws.AmazonClientException",
"stackTrace": [
"example.Main$.initializeAwsCredentials(Hello.scala:52)",
"example.Main$.handleRequest(Hello.scala:125)",
"example.Main.handleRequest(Hello.scala)",
"sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
"sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
"java.lang.reflect.Method.invoke(Method.java:498)"
],
"cause": {
"errorMessage": "java.lang.NullPointerException",
"errorType": "java.lang.NullPointerException",
"stackTrace": [
"com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:143)",
"com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:132)",
"com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:99)",
"com.amazonaws.auth.profile.ProfileCredentialsProvider.getCredentials(ProfileCredentialsProvider.java:135)",
"example.Main$.initializeAwsCredentials(Hello.scala:45)",
"example.Main$.handleRequest(Hello.scala:125)",
"example.Main.handleRequest(Hello.scala)",
"sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
"sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
"java.lang.reflect.Method.invoke(Method.java:498)"
]
}
}
更新
改用InstanceProfileCredentialsProvider会抛出错误:
val provider: InstanceProfileCredentialsProvider = new InstanceProfileCredentialsProvider()
credentials = provider.getCredentials()
给了我一个错误:
"cause": {
"errorMessage": "Unable to load credentials from Amazon EC2 metadata service",
"errorType": "com.amazonaws.AmazonClientException",
"stackTrace": [
"com.amazonaws.auth.InstanceProfileCredentialsProvider.handleError(InstanceProfileCredentialsProvider.java:244)",
"com.amazonaws.auth.InstanceProfileCredentialsProvider.loadCredentials(InstanceProfileCredentialsProvider.java:225)",
"com.amazonaws.auth.InstanceProfileCredentialsProvider.getCredentials(InstanceProfileCredentialsProvider.java:124)",
"example.Main$.initializeAwsCredentials(Hello.scala:46)",
"example.Main$.handleRequest(Hello.scala:126)",
"example.Main.handleRequest(Hello.scala)",
"sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
"sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
"java.lang.reflect.Method.invoke(Method.java:498)"
],
"cause": {
"errorMessage": "Connection refused (Connection refused)",
"errorType": "java.net.ConnectException",
"stackTrace": [
"java.net.PlainSocketImpl.socketConnect(Native Method)",
"java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)",
"java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)",
"java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)",
"java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)",
"java.net.Socket.connect(Socket.java:589)",
"sun.net.NetworkClient.doConnect(NetworkClient.java:175)",
"sun.net.www.http.HttpClient.openServer(HttpClient.java:463)",
"sun.net.www.http.HttpClient.openServer(HttpClient.java:558)",
"sun.net.www.http.HttpClient.<init>(HttpClient.java:242)",
"sun.net.www.http.HttpClient.New(HttpClient.java:339)",
"sun.net.www.http.HttpClient.New(HttpClient.java:357)",
"sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)",
"sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)",
"sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)",
"sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)",
"com.amazonaws.internal.EC2MetadataClient.readResource(EC2MetadataClient.java:90)",
"com.amazonaws.internal.EC2MetadataClient.getDefaultCredentials(EC2MetadataClient.java:55)",
"com.amazonaws.auth.InstanceProfileCredentialsProvider.loadCredentials(InstanceProfileCredentialsProvider.java:186)",
"com.amazonaws.auth.InstanceProfileCredentialsProvider.getCredentials(InstanceProfileCredentialsProvider.java:124)",
"example.Main$.initializeAwsCredentials(Hello.scala:46)",
"example.Main$.handleRequest(Hello.scala:126)",
"example.Main.handleRequest(Hello.scala)",
"sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
"sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
"java.lang.reflect.Method.invoke(Method.java:498)"
]
}
}
}
在使用lambda时,将以下内容配置为环境变量也会失败:
Lambda was unable to configure your environment variables because the
environment variables you have provided contains reserved keys that are
currently not supported for modification. Reserved keys used in this
request: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
发布于 2017-12-13 07:17:13
我不确定您是否需要明确的凭据提供程序。在AWS Lambda内部,凭据通过lambda可以承担的角色自动提供。我知道我从来没有明确地这么做过。
发布于 2019-02-05 09:59:49
在AWS SDK for Java (1.11.4xx
)的最新版本中,几乎所有服务都具有可用于快速创建客户端的“客户端构建器”。
val snsClient = AmazonSNSClientBuilder.defaultClient()
val s3Client = AmazonS3ClientBuilder.defaultClient()
val dynamoDbClient = AmazonDynamoDBAsyncClientBuilder.defaultClient()
val sesClient = AmazonSimpleEmailServiceAsyncClientBuilder.defaultClient()
// ...
在Lambda中,defaultClient()
工作得非常好,因为它将创建一个使用适当提供者的客户端。此提供程序使用具有lambda执行角色中定义的权限的凭据。
在本地环境中,defaultClient
也工作得很好,因为它会获取主机凭据。这之所以有效,是因为defaultClient
在default credentials provider chain上使用
这种方法也很简洁,但是您也可以使用客户端构建器使用特定的凭证"setup/configuration“来创建客户端。
用于Java v2的AWS SDK
如果你想使用新版本的Java SDK (>=2.1
),有一些create
方法可以用来获取客户端(尽管我只是用它来试验新的SDK)
val s3Client = S3AsyncClient.create()
val dynamoDbClient = DynamoDbAsyncClient.create()
// ...
发布于 2017-12-12 08:54:32
对于Lambda函数,您需要使用IAM角色作为凭证。然后,您将使用DefaultAWSCredentialsProviderChain或InstanceProfileCredentialsProvider从IAM角色检索凭据。
Class InstanceProfileCredentialsProvider
下面是一个使用InstanceProfileCredentialsProvider的示例:
AWSCredentialsProvider credentialsProvider = null;
try {
credentialsProvider = new InstanceProfileCredentialsProvider();
// Verify we can fetch credentials
credentialsProvider.getCredentials();
System.out.println("Obtained credentials.");
} catch (AmazonClientException e) {
System.out.println("Unable to obtain credentials", e);
return -1;
}
System.out.println("Using credentials with access key id: " + credentialsProvider.getCredentials().getAWSAccessKeyId());
https://stackoverflow.com/questions/47763573
复制相似问题