Amazon web services: AWS federated role access does not refresh after 1 hour when using STSAssumeRoleSessionCredentialsProvider
I am using an AWS Federated/Aspect role to read and write data to S3. My job takes about 1 hour 30 minutes. Normally, its session expires after 1 hour. I tried using STSAssumeRoleSessionCredentialsProvider, but that failed as well.
I am following this link -
My code
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.auth.policy.actions.S3Actions;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.ObjectListing;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;
import com.amazonaws.services.securitytoken.model.GetFederationTokenResult;
import java.io.IOException;

public class MakingRequestsWithFederatedTempCredentials {
    public static void main(String[] args) throws IOException {
        Regions clientRegion = Regions.DEFAULT_REGION;
        String bucketName = "my_bucket";
        String federatedUser = "fed_user";
        String resourceARN = "arn:aws:s3:::" + bucketName;
        try {
            AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder
                    .standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withRegion(clientRegion)
                    .build();
            GetFederationTokenRequest federationTokenRequest = new GetFederationTokenRequest();
            federationTokenRequest.setDurationSeconds(3600);
            federationTokenRequest.setName(federatedUser);
            // Get the temporary security credentials.
            GetFederationTokenResult federationTokenResult = stsClient.getFederationToken(federationTokenRequest);
            Credentials sessionCredentials = federationTokenResult.getCredentials();
            // Package the session credentials as a BasicSessionCredentials
            // object for an Amazon S3 client object to use.
            BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
                    sessionCredentials.getAccessKeyId(),
                    sessionCredentials.getSecretAccessKey(),
                    sessionCredentials.getSessionToken());
            AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                    .withCredentials(new STSAssumeRoleSessionCredentialsProvider.Builder(resourceARN, federatedUser).withStsClient(stsClient).build())
                    .withRegion(clientRegion)
                    .build();
            // here my spark job is being called..
            // using s3Client
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
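The S3 client may refresh its credentials, but the Spark job you run in the cluster will not pick up any new values.
Can you change the lifetime of the assumed role to 12 hours? You should be able to request a set of role credentials for that duration, and that way your job will have valid session secrets for its entire lifetime.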
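The 12-hour session suggested above, as an added Java example (AWS SDK for Java v1, as in the question) that is not part of the original thread: it calls AssumeRole once with an explicit duration and checks the expiry before the job starts. The role ARN, session name and runtime figure are placeholders, and it assumes the role's maximum session duration has already been raised to 12 hours and that the profile holds long-term (non-role) credentials.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import java.time.Duration;
import java.time.Instant;

public class LongSessionForSparkJob {
    // Placeholders (assumptions for this example, not values from the thread).
    static final String ROLE_ARN = "arn:aws:iam::123456789012:role/EXAMPLE-JOB-ROLE";
    static final String SESSION_NAME = "spark-job-session";
    static final Duration SESSION_LENGTH = Duration.ofHours(12);
    static final Duration JOB_RUNTIME = Duration.ofMinutes(90);

    public static void main(String[] args) {
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new ProfileCredentialsProvider())
                .withRegion(Regions.DEFAULT_REGION)
                .build();
        // One AssumeRole call for the whole job. STS rejects a duration above the
        // role's MaxSessionDuration, and caps role-chained sessions at one hour.
        Credentials c = sts.assumeRole(new AssumeRoleRequest()
                        .withRoleArn(ROLE_ARN)
                        .withRoleSessionName(SESSION_NAME)
                        .withDurationSeconds((int) SESSION_LENGTH.getSeconds()))
                .getCredentials();

        // Fail before the job starts rather than 60 minutes into it.
        Instant jobEnd = Instant.now().plus(JOB_RUNTIME);
        if (c.getExpiration().toInstant().isBefore(jobEnd)) {
            throw new IllegalStateException("Session expires at " + c.getExpiration());
        }

        // Fixed credentials: no refresh is needed, so driver and executors stay in sync.
        BasicSessionCredentials session = new BasicSessionCredentials(
                c.getAccessKeyId(), c.getSecretAccessKey(), c.getSessionToken());
        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(session))
                .withRegion(Regions.DEFAULT_REGION)
                .build();
        // Start the Spark job here with the same three session values.
    }
}
```

Because the token stays valid for the full 12 hours wherever it is copied, the role it belongs to should carry only the S3 permissions the job needs.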