
AWS federated role access does not refresh after 1 hour when using STSAssumeRoleSessionCredentialsProvider


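I am using an AWS Federated/Aspect role to read and write data to S3. My job takes about 1 hour 30 minutes. Normally, its session expires after 1 hour. I tried using STSAssumeRoleSessionCredentialsProvider, but that failed as well.

I am following this link -

My code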

import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.auth.policy.actions.S3Actions;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.ObjectListing;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;
import com.amazonaws.services.securitytoken.model.GetFederationTokenResult;

import java.io.IOException;

public class MakingRequestsWithFederatedTempCredentials {

    public static void main(String[] args) throws IOException {
        Regions clientRegion = Regions.DEFAULT_REGION;
        String bucketName = "my_bucket";
        String federatedUser = "fed_user";
        String resourceARN = "arn:aws:s3:::" + bucketName;

        try {
            AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder
                    .standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withRegion(clientRegion)
                    .build();

            GetFederationTokenRequest federationTokenRequest = new GetFederationTokenRequest();
            federationTokenRequest.setDurationSeconds(3600);
            federationTokenRequest.setName(federatedUser);

            // Get the temporary security credentials.
            GetFederationTokenResult federationTokenResult = stsClient.getFederationToken(federationTokenRequest);
            Credentials sessionCredentials = federationTokenResult.getCredentials();

            // Package the session credentials as a BasicSessionCredentials
            // object for an Amazon S3 client object to use.
            BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
                    sessionCredentials.getAccessKeyId(),
                    sessionCredentials.getSecretAccessKey(),
                    sessionCredentials.getSessionToken());
            AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                    .withCredentials(new STSAssumeRoleSessionCredentialsProvider.Builder(resourceARN, federatedUser).withStsClient(stsClient).build())
                    .withRegion(clientRegion)
                    .build();

            //here my spark job is being called..
            // using s3Client
            
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}


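The S3 client may refresh its credentials, but the Spark job you run in the cluster will not pick up any new values.

Can you change the lifetime of the assumed role to 12 hours? You should be able to request a set of role credentials for that period, so your job will have valid session secrets for its entire life.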
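
The suggestion in the last answer, sketched with the AWS SDK for Java v1 as an added example that is not part of the original thread: request one role session sized to the job and refuse to start if it would expire first. The role ARN is a placeholder and the session name and class name are hypothetical; it assumes the profile holds long-term IAM user credentials (a chained role session is capped at 1 hour) and that the role's maximum session duration has been raised to at least the requested value.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;

import java.time.Duration;
import java.time.Instant;

public class LongRunningJobCredentials {
    // Placeholder: an IAM role ARN (arn:aws:iam::...), not a bucket ARN (arn:aws:s3:::...).
    private static final String ROLE_ARN = "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>";
    private static final Duration EXPECTED_JOB_TIME = Duration.ofMinutes(90); // from the question
    private static final Duration SAFETY_MARGIN = Duration.ofMinutes(30);     // assumed margin

    public static void main(String[] args) {
        Regions region = Regions.DEFAULT_REGION;
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new ProfileCredentialsProvider())
                .withRegion(region)
                .build();

        // Size the session to the job (2 h here) instead of always asking for the 12 h ceiling.
        int seconds = (int) EXPECTED_JOB_TIME.plus(SAFETY_MARGIN).getSeconds();
        Credentials creds = sts.assumeRole(new AssumeRoleRequest()
                .withRoleArn(ROLE_ARN)
                .withRoleSessionName("spark-s3-job")
                .withDurationSeconds(seconds)).getCredentials();

        // Fail before the job starts, not 60 minutes into it, if the session is too short.
        if (creds.getExpiration().toInstant().isBefore(Instant.now().plus(EXPECTED_JOB_TIME))) {
            throw new IllegalStateException("Session expires at " + creds.getExpiration());
        }

        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(new BasicSessionCredentials(
                        creds.getAccessKeyId(), creds.getSecretAccessKey(), creds.getSessionToken())))
                .withRegion(region)
                .build();
        // Start the job here; the Spark side needs the same three values, since it cannot refresh them.
    }
}
```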