Amazon Web Services: How to fix the 'InvalidClientTokenId: The security token included in the request is invalid' error in AWS Lambda
I am using Serverless for the first time and have a Lambda in a VPC that tries to add a payload to an SQS queue, which results in the following error:
InvalidClientTokenId: The security token included in the request is invalid.
The error implies that the access key is missing or invalid, which has left me confused and looking for help. Here is my serverless.yml file:
service: my-service
provider:
  name: aws
  runtime: nodejs8.10
  stage: prod
  region: us-east-1
  timeout: 600
  memorySize: 512
  versionFunctions: false
  package:
    excludeDevDependencies: true
    exclude:
      - .git/**
      - .vscode/**
      - .test/**
  # Global Environment variables
  environment:
    ${file(./configs/${self:provider.stage}.yml)}
  # Permissions for all of your functions can be set here
  iamRoleStatements:
    # Gives permission to add to s3 buckets
    - Effect: Allow
      Action:
        - s3:PutObject
        - s3:DeleteObject
      Resource: "*"
    # Gives permission to Lambda execution
    - Effect: Allow
      Action:
        - lambda:InvokeFunction
        - lambda:InvokeAsync
      Resource: "*"
    # Gives permission to SQS
    - Effect: Allow
      Action:
        - sqs:DeleteMessage
        - sqs:ReceiveMessage
        - sqs:SendMessage
      Resource: "*"
custom:
  region: ${self:provider.region}
  stage: ${opt:stage, self:provider.stage}
  prefix: ${self:custom.stage}-${self:service}
  sqs-forms-schedule: ${self:custom.prefix}-messages-forms-schedule
  sqs-forms-late: ${self:custom.prefix}-messages-forms-late
  sqs-coc-schedule: ${self:custom.prefix}-messages-coc-schedule
  sqs-certificates-expired: ${self:custom.prefix}-messages-certificates-expired
  s3-coc-storage: ${self:custom.prefix}-storage-coc
  serverless-offline:
    host: '0.0.0.0'
  # Dev
  serverless-offline-sqs-esmq:
    apiVersion: '2012-11-05'
    endpoint: http://sqs:9324
    region: us-east-1
    accessKeyId: root
    secretAccessKey: root
plugins:
  - serverless-pseudo-parameters
  - serverless-plugin-aws-alerts
  - serverless-offline-scheduler
  - serverless-offline-sqs-esmq
  - serverless-offline
functions:
  ${file(serverless-dynamic.js)}
resources:
  Resources:
    # Policy to allow for VPC connection
    AWSLambdaVPCAccessExecutionRole:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: Creating policy for vpc connection
        Roles:
          - { "Ref": "IamRoleLambdaExecution" }
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - ec2:CreateNetworkInterface
                - ec2:DescribeNetworkInterfaces
                - ec2:DeleteNetworkInterface
              Resource: "*"
    # SQS Queue to schedule a form for submission
    FormScheduleQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs-forms-schedule}
        MessageRetentionPeriod: 1209600
        VisibilityTimeout: 60
    # SQS Queue to schedule a late form for reminder
    FormLateQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs-forms-late}
        MessageRetentionPeriod: 1209600
        VisibilityTimeout: 60
    # SQS Queue to schedule a coc for submission
    COCScheduleQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs-coc-schedule}
        MessageRetentionPeriod: 1209600
        VisibilityTimeout: 60
    # SQS Queue to schedule an expired certificate for reminder
    CertificatesExpiredQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.sqs-certificates-expired}
        MessageRetentionPeriod: 1209600
        VisibilityTimeout: 60
I have tried creating a new access key.
Here is the code that sends to SQS:
sendToQueue: (message, queue) => {
  const params = {
    QueueUrl: queue,
    MessageBody: JSON.stringify(message),
  };
  return new Promise((resolve, reject) => {
    sqs.sendMessage(params, (error, data) => {
      if (error) {
        reject(error);
      } else {
        resolve(data);
      }
    });
  });
},
Can you share the code that tries to send the message to SQS?
@ChetanRanpariya I have added the SQS code above.
How do you get the value of queue? Are you calling GetQueueUrl on sqs?
After deploying the function, did you check whether the role is associated with the function and whether the role has the necessary permissions?
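One thing worth checking alongside the commenters' questions is which credentials the `sqs` client is built with, since the serverless.yml above carries root/root keys for the local ElasticMQ plugin. The sketch below is an added example, not the poster's code: `sqsClientOptions` and `credentialFindings` are hypothetical helper names, and it assumes the client is created with `new AWS.SQS(options)` and that serverless-offline sets `IS_OFFLINE`.

```javascript
// Added example: pure helpers, no AWS calls are made.

// Options for `new AWS.SQS(options)`. The ElasticMQ endpoint and the
// root/root keys from serverless.yml are applied only when serverless-offline
// is running (it sets IS_OFFLINE). In Lambda no keys are passed, so the SDK
// picks up the execution role's temporary credentials from the runtime.
function sqsClientOptions(env) {
  const options = { apiVersion: '2012-11-05', region: env.AWS_REGION || 'us-east-1' };
  if (env.IS_OFFLINE) {
    options.endpoint = 'http://sqs:9324';
    options.accessKeyId = 'root';
    options.secretAccessKey = 'root';
  }
  return options;
}

// Returns reasons why these options would be rejected as invalid credentials
// by a real AWS endpoint. Heuristic: AWS-issued key IDs start with AKIA
// (long-term IAM user key) or ASIA (temporary STS key).
function credentialFindings(options) {
  const { accessKeyId, sessionToken, endpoint } = options;
  if (accessKeyId === undefined) return [];            // default provider chain
  const isAws = !endpoint || new URL(endpoint).hostname.endsWith('.amazonaws.com');
  if (!isAws) return [];                               // local emulator accepts any key
  const findings = [];
  if (!/^(AKIA|ASIA)[A-Z0-9]+$/.test(accessKeyId)) {
    findings.push('static-key-not-aws-issued');
  } else if (accessKeyId.startsWith('ASIA') && !sessionToken) {
    findings.push('temporary-key-without-session-token');
  }
  return findings;
}

// Constructed inputs; the ASIA value is a made-up placeholder, not a real key.
const samples = {
  deployed: sqsClientOptions({ AWS_REGION: 'us-east-1' }),
  offline: sqsClientOptions({ IS_OFFLINE: 'true' }),
  devKeysInProd: { region: 'us-east-1', accessKeyId: 'root', secretAccessKey: 'root' },
  missingToken: { region: 'us-east-1', accessKeyId: 'ASIAEXAMPLEEXAMPLE00', secretAccessKey: 'x' },
};
for (const [name, opts] of Object.entries(samples)) {
  console.log(name, credentialFindings(opts));
}
```

Logging `credentialFindings(options)` once at cold start, without logging the key values themselves, shows whether a deployed function is running on its execution role or on keys baked into configuration.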