使用scala时lambda的AWS凭据不起作用
使用scala时lambda的AWS凭据不起作用
提问于 2017-12-12 08:23:53
尝试使用使用DefaultCredentialProvider提供的凭据时,AWS lambda函数不起作用。
我需要将凭据传递给S3,它才能运行。
代码
def initializeAwsCredentials():AWSCredentials = {
var credentials: AWSCredentials = null
try {
credentials = new ProfileCredentialsProvider().getCredentials
} catch {
case e: Exception => {
throw new AmazonClientException(
"Cannot load the credentials from the credential profiles file. " +
"Please make sure that your credentials file is at the correct " +
"location (~/.aws/credentials), and is in valid format.",
e);
}
}
return credentials
}
def buildS3API(credentials: AWSCredentials): AmazonS3 = {
new AmazonS3Client(credentials)
}
// inside handle request
val credentials = initializeAwsCredentials()
println("Credetials have been retrieved successfully")
println("Build S3 API using the constructor provided")
val s3 = buildS3API(credentials)
s3.setRegion(region)
println("S3 API is now available")错误
{
"errorMessage": "Cannot load the credentials from the credential profiles file. Please make sure that your credentials file is at the correct location (~/.aws/credentials), and is in valid format.",
"errorType": "com.amazonaws.AmazonClientException",
"stackTrace": [
"example.Main$.initializeAwsCredentials(Hello.scala:52)",
"example.Main$.handleRequest(Hello.scala:125)",
"example.Main.handleRequest(Hello.scala)",
"sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
"sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
"java.lang.reflect.Method.invoke(Method.java:498)"
],
"cause": {
"errorMessage": "java.lang.NullPointerException",
"errorType": "java.lang.NullPointerException",
"stackTrace": [
"com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:143)",
"com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:132)",
"com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:99)",
"com.amazonaws.auth.profile.ProfileCredentialsProvider.getCredentials(ProfileCredentialsProvider.java:135)",
"example.Main$.initializeAwsCredentials(Hello.scala:45)",
"example.Main$.handleRequest(Hello.scala:125)",
"example.Main.handleRequest(Hello.scala)",
"sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
"sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
"java.lang.reflect.Method.invoke(Method.java:498)"
]
}
}更新
改用InstanceProfileCredentialsProvider会抛出错误:
val provider: InstanceProfileCredentialsProvider = new InstanceProfileCredentialsProvider()
credentials = provider.getCredentials()给了我一个错误:
"cause": {
"errorMessage": "Unable to load credentials from Amazon EC2 metadata service",
"errorType": "com.amazonaws.AmazonClientException",
"stackTrace": [
"com.amazonaws.auth.InstanceProfileCredentialsProvider.handleError(InstanceProfileCredentialsProvider.java:244)",
"com.amazonaws.auth.InstanceProfileCredentialsProvider.loadCredentials(InstanceProfileCredentialsProvider.java:225)",
"com.amazonaws.auth.InstanceProfileCredentialsProvider.getCredentials(InstanceProfileCredentialsProvider.java:124)",
"example.Main$.initializeAwsCredentials(Hello.scala:46)",
"example.Main$.handleRequest(Hello.scala:126)",
"example.Main.handleRequest(Hello.scala)",
"sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
"sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
"java.lang.reflect.Method.invoke(Method.java:498)"
],
"cause": {
"errorMessage": "Connection refused (Connection refused)",
"errorType": "java.net.ConnectException",
"stackTrace": [
"java.net.PlainSocketImpl.socketConnect(Native Method)",
"java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)",
"java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)",
"java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)",
"java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)",
"java.net.Socket.connect(Socket.java:589)",
"sun.net.NetworkClient.doConnect(NetworkClient.java:175)",
"sun.net.www.http.HttpClient.openServer(HttpClient.java:463)",
"sun.net.www.http.HttpClient.openServer(HttpClient.java:558)",
"sun.net.www.http.HttpClient.<init>(HttpClient.java:242)",
"sun.net.www.http.HttpClient.New(HttpClient.java:339)",
"sun.net.www.http.HttpClient.New(HttpClient.java:357)",
"sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)",
"sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)",
"sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)",
"sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)",
"com.amazonaws.internal.EC2MetadataClient.readResource(EC2MetadataClient.java:90)",
"com.amazonaws.internal.EC2MetadataClient.getDefaultCredentials(EC2MetadataClient.java:55)",
"com.amazonaws.auth.InstanceProfileCredentialsProvider.loadCredentials(InstanceProfileCredentialsProvider.java:186)",
"com.amazonaws.auth.InstanceProfileCredentialsProvider.getCredentials(InstanceProfileCredentialsProvider.java:124)",
"example.Main$.initializeAwsCredentials(Hello.scala:46)",
"example.Main$.handleRequest(Hello.scala:126)",
"example.Main.handleRequest(Hello.scala)",
"sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
"sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
"java.lang.reflect.Method.invoke(Method.java:498)"
]
}
}
}在使用lambda时,将以下内容配置为环境变量也会失败:
Lambda was unable to configure your environment variables because the
environment variables you have provided contains reserved keys that are
currently not supported for modification. Reserved keys used in this
request: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY回答 4
Stack Overflow用户
回答已采纳
发布于 2017-12-13 07:17:13
我不确定您是否需要明确的凭据提供程序。在AWS Lambda内部,凭据通过lambda可以承担的角色自动提供。我知道我从来没有明确地这么做过。
Stack Overflow用户
发布于 2019-02-05 09:59:49
在AWS SDK for Java (1.11.4xx)的最新版本中,几乎所有服务都具有可用于快速创建客户端的“客户端构建器”。
val snsClient = AmazonSNSClientBuilder.defaultClient()
val s3Client = AmazonS3ClientBuilder.defaultClient()
val dynamoDbClient = AmazonDynamoDBAsyncClientBuilder.defaultClient()
val sesClient = AmazonSimpleEmailServiceAsyncClientBuilder.defaultClient()
// ...在Lambda中,defaultClient()工作得非常好,因为它将创建一个使用适当提供者的客户端。此提供程序使用具有lambda执行角色中定义的权限的凭据。
在本地环境中,defaultClient也工作得很好,因为它会获取主机凭据。这之所以有效,是因为defaultClient在default credentials provider chain上使用
- 环境变量
- Java系统properties
- Credentials配置文件
- ECS容器配置文件配置文件凭据
这种方法也很简洁,但是您也可以使用客户端构建器使用特定的凭证"setup/configuration“来创建客户端。
用于Java v2的AWS SDK
如果你想使用新版本的Java SDK (>=2.1),有一些create方法可以用来获取客户端(尽管我只是用它来试验新的SDK)
val s3Client = S3AsyncClient.create()
val dynamoDbClient = DynamoDbAsyncClient.create()
// ...Stack Overflow用户
发布于 2017-12-12 08:54:32
对于Lambda函数,您需要使用IAM角色作为凭证。然后,您将使用DefaultAWSCredentialsProviderChain或InstanceProfileCredentialsProvider从IAM角色检索凭据。
Class InstanceProfileCredentialsProvider
下面是一个使用InstanceProfileCredentialsProvider的示例:
AWSCredentialsProvider credentialsProvider = null;
try {
credentialsProvider = new InstanceProfileCredentialsProvider();
// Verify we can fetch credentials
credentialsProvider.getCredentials();
System.out.println("Obtained credentials.");
} catch (AmazonClientException e) {
System.out.println("Unable to obtain credentials", e);
return -1;
}
System.out.println("Using credentials with access key id: " + credentialsProvider.getCredentials().getAWSAccessKeyId());页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/47763573
复制相关文章
相似问题