问题
I have ~/.aws/credentials and config files and my code is below
clientConfiguration.setProxyHost("MYPROXY");
clientConfiguration.setProxyPort(port);
clientConfiguration.setProxyUsername("username");
clientConfiguration.setProxyPassword("pw");
clientConfiguration.setPreemptiveBasicProxyAuth(false);
AmazonDynamoDBClient client = new AmazonDynamoDBClient(new ProfileCredentialsProvider("MY_PROFILE"),clientConfiguration);
//client.withRegion(Regions.US_EAST_1);
DynamoDBMapper mapper = new DynamoDBMapper(client);
// Get a book - Id=101
GetBook(mapper, 101);
I am getting below exception everytime.I can see session token in my credential file in ~/.aws/credentials
Error running the DynamoDBMapperQueryScanExample: com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)
com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)
AWS SDK 1.11.24 java Credentials file
[TES1_AWS_STSdigital_Dev_Developer]
aws_access_key_id = XXXXX
aws_secret_access_key = AAAAA
aws_security_token = BBBBBBBB
token_expiration = 2016-08-08T16:34:48Z
[TEST2_AWS_TEST_Dev_ReadOnly]
aws_access_key_id = MMMMMM
aws_secret_access_key = NNNNNN
aws_security_token = OOOOOOO
token_expiration = 2016-08-08T16:34:48Z
[TEST3_AWS_STSdigital_Prod_ProdSupport]
aws_access_key_id = KKKKKKK
aws_secret_access_key = LLLLLLLLL
aws_security_token =FFFFFFFF
token_expiration = 2016-08-08T16:34:48Z
[TEST4_AWS_STSdigital_Prod_Monitoring]
aws_access_key_id = WWWWWW
aws_secret_access_key = SSSSSSSS
aws_security_token = VVVVVVVVV
token_expiration = 2016-08-08T16:34:48Z
config file in ~/.aws/config
[DEFAULT]
scope = urn:amazon:webservices
[saml_provider]
url = https://myprivatesssaccess
default_region = us-east-1
[profile TEST1_AWS_STSdigital_Dev_Developer]
saml_role = arn:aws:iam::44444444:role/TEST1_AWS_STSdigital_Dev_Developer
region = us-east-1
[profile TEST2_AWS_TEST_Dev_ReadOnly]
saml_role = arn:aws:iam::3333333:role/TEST2_AWS_TEST_Dev_ReadOnly
region = us-east-1
[profile TEST3_STSdigital_Prod_ProdSupport]
saml_role = arn:aws:iam::222222:role/TEST3_AWS_STSdigital_Prod_ProdSupport
region = us-east-1
[profile TEST4_AWS_STSdigital_Prod_Monitoring]
saml_role = arn:aws:iam::1111111:role/TEST4_AWS_STSdigital_Prod_Monitoring
region = us-east-1
回答1:
I received this error when I had my region set to RegionEndpoint.APEast1 instead of RegionEndpoint.USEast1. My error, I accepted the first "East1" string I saw in intellisense.
回答2:
Start with the simple things. Have you checked the permissions on the files? At least from Linux they need to be 600 or user read/write, group and world no access.
Have you checked the AWS side to verify that these credentials are associated with the account you are trying to use?
Can you run a simple command that uses the credentials? The CLI aws command from Amazon is a perfect place to start.
aws ec2 help
is good first check. Then try to access some information that is generally available, like the spot EC2 instance price history:
aws ec2 describe-spot-price-history --prod "Linux/UNIX" --start-time 2016-08-15
should give you thousands of lines of output. Then try to access some of your own account info:
aws ec2 describe-instances
At this point, you know everything is working from the CLI. The next step is to very Java connectivity, which should just work now if you run it from the same machine with the same home directory where ~/.aws/ is found.
I use DynamoDB access from Java every day. Once you clear a few hurdles it works great.
来源:https://stackoverflow.com/questions/38800742/dynamodb-the-security-token-included-in-the-request-is-invalid-unrecognizedclien