DynamoDB The security token included in the request is invalid UnrecognizedClientException

。_饼干妹妹 提交于 2021-02-07 13:34:22

问题


I have ~/.aws/credentials and config files and my code is below

clientConfiguration.setProxyHost("MYPROXY");
            clientConfiguration.setProxyPort(port);
            clientConfiguration.setProxyUsername("username");
            clientConfiguration.setProxyPassword("pw");
            clientConfiguration.setPreemptiveBasicProxyAuth(false);


            AmazonDynamoDBClient client = new AmazonDynamoDBClient(new ProfileCredentialsProvider("MY_PROFILE"),clientConfiguration);

         //client.withRegion(Regions.US_EAST_1);
         DynamoDBMapper mapper = new DynamoDBMapper(client);

         // Get a book - Id=101
         GetBook(mapper, 101);

I am getting below exception everytime.I can see session token in my credential file in ~/.aws/credentials

Error running the DynamoDBMapperQueryScanExample: com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)
    com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: S0NTUAHKE57VC68FM3CVBOFAKFVV4KQNSO5AEMVJF66Q9ASUAAJG)

AWS SDK 1.11.24 java Credentials file

[TES1_AWS_STSdigital_Dev_Developer]
aws_access_key_id = XXXXX
aws_secret_access_key = AAAAA
aws_security_token = BBBBBBBB
token_expiration = 2016-08-08T16:34:48Z

[TEST2_AWS_TEST_Dev_ReadOnly]
aws_access_key_id = MMMMMM
aws_secret_access_key = NNNNNN
aws_security_token = OOOOOOO
token_expiration = 2016-08-08T16:34:48Z

[TEST3_AWS_STSdigital_Prod_ProdSupport]
aws_access_key_id = KKKKKKK
aws_secret_access_key = LLLLLLLLL
aws_security_token =FFFFFFFF
token_expiration = 2016-08-08T16:34:48Z

[TEST4_AWS_STSdigital_Prod_Monitoring]
aws_access_key_id = WWWWWW
aws_secret_access_key = SSSSSSSS
aws_security_token = VVVVVVVVV
token_expiration = 2016-08-08T16:34:48Z

config file in ~/.aws/config

[DEFAULT]
scope = urn:amazon:webservices

[saml_provider]
url = https://myprivatesssaccess
default_region = us-east-1

[profile TEST1_AWS_STSdigital_Dev_Developer]
saml_role = arn:aws:iam::44444444:role/TEST1_AWS_STSdigital_Dev_Developer
region = us-east-1

[profile TEST2_AWS_TEST_Dev_ReadOnly]
saml_role = arn:aws:iam::3333333:role/TEST2_AWS_TEST_Dev_ReadOnly
region = us-east-1

[profile TEST3_STSdigital_Prod_ProdSupport]
saml_role = arn:aws:iam::222222:role/TEST3_AWS_STSdigital_Prod_ProdSupport
region = us-east-1

[profile TEST4_AWS_STSdigital_Prod_Monitoring]
saml_role = arn:aws:iam::1111111:role/TEST4_AWS_STSdigital_Prod_Monitoring
region = us-east-1

回答1:


I received this error when I had my region set to RegionEndpoint.APEast1 instead of RegionEndpoint.USEast1. My error, I accepted the first "East1" string I saw in intellisense.




回答2:


Start with the simple things. Have you checked the permissions on the files? At least from Linux they need to be 600 or user read/write, group and world no access.

Have you checked the AWS side to verify that these credentials are associated with the account you are trying to use?

Can you run a simple command that uses the credentials? The CLI aws command from Amazon is a perfect place to start.

aws ec2 help

is good first check. Then try to access some information that is generally available, like the spot EC2 instance price history:

aws ec2 describe-spot-price-history --prod "Linux/UNIX" --start-time 2016-08-15

should give you thousands of lines of output. Then try to access some of your own account info:

aws ec2 describe-instances

At this point, you know everything is working from the CLI. The next step is to very Java connectivity, which should just work now if you run it from the same machine with the same home directory where ~/.aws/ is found.

I use DynamoDB access from Java every day. Once you clear a few hurdles it works great.



来源:https://stackoverflow.com/questions/38800742/dynamodb-the-security-token-included-in-the-request-is-invalid-unrecognizedclien

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!