C# 访问密钥或密钥为空,com.amazonaws.auth.InstanceProfileCredentials
我用的是Databricks,我想列一个桶C# 访问密钥或密钥为空,com.amazonaws.auth.InstanceProfileCredentials,c#,.net,amazon-web-services,amazon-iam,databricks,C#,.net,Amazon Web Services,Amazon Iam,Databricks,我用的是Databricks,我想列一个桶 dbutils.fs.ls("s3://mybucket) com.amazonaws.SdkClientException:无法从加载AWS凭据 链中的任何提供程序:[BasicAWSCredentialsProvider:访问密钥或 密钥为空, com.amazonaws.auth。InstanceProfileCredentialsProvider@56e2bc92:无法 加载凭据 我正在使用.net创建IAM角色。为了创建IAM角色和实例配置
dbutils.fs.ls("s3://mybucket)
com.amazonaws.SdkClientException:无法从加载AWS凭据
链中的任何提供程序:[BasicAWSCredentialsProvider:访问密钥或
密钥为空,
com.amazonaws.auth。InstanceProfileCredentialsProvider@56e2bc92:无法
加载凭据
我正在使用.net创建IAM角色。为了创建IAM角色和实例配置文件,我使用了以下代码:
var roleName = "test";
var profileName = "test";
var client = new AmazonIdentityManagementServiceClient(aws_access_key_id, aws_secret_access_key, RegionEndpoint.EUWest1);
Policy policyDoc = GeneratePolicyDocument();
List<Tag> tags = new List<Tag> { };
tags.Add(new Tag { Key = "jobposition", Value = jobPosition });
for (int i = 0; i < functionalGroups.Count; i++)
{
tags.Add(new Tag { Key = String.Format("functionalarea{0}", i), Value = functionalGroups[i] });
}
try
{
// Create a role with the trust policy
var role = client.CreateRole(new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = policyDoc.ToJson(),
Tags = tags
});
}
catch (Exception e)
{
Console.Write(e);
}
Policy policyDoc1 = GeneratePolicyDocument1();
// Add the access policy to the role
try
{
client.PutRolePolicy(new PutRolePolicyRequest
{
RoleName = roleName,
PolicyName = "testrole2",
PolicyDocument = policyDoc1.ToJson()
});
}
catch (Exception e)
{
Console.Write(e);
}
try
{
// Create an instance profile
client.CreateInstanceProfile(new CreateInstanceProfileRequest
{
InstanceProfileName = profileName
});
}
catch (Exception e)
{
Console.Write(e);
}
try
{
// Add the role to the instance profile
client.AddRoleToInstanceProfile(new AddRoleToInstanceProfileRequest
{
InstanceProfileName = profileName,
RoleName = roleName
});
}
catch (Exception e)
{
Console.Write(e);
}
public Policy GeneratePolicyDocument()
{
var client = new AmazonIdentityManagementServiceClient(aws_access_key_id, aws_secret_access_key, RegionEndpoint.EUWest1);
var statements = new List<Amazon.Auth.AccessControlPolicy.Statement>();
var actions = new List<ActionIdentifier>();
var resources = new List<Resource>();
var principal = new List<Principal>();
actions.Add(new ActionIdentifier("sts:AssumeRole"));
principal.Add(new Principal("123123123123"));
var statement = new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow)
{
Actions = actions,
Principals = principal
};
statements.Add(statement);
Policy policy = new Policy
{
Version = "2012-10-17",
Statements = statements
};
return policy;
}
public Policy GeneratePolicyDocument1()
{
var client = new AmazonIdentityManagementServiceClient(aws_access_key_id, aws_secret_access_key, RegionEndpoint.EUWest1);
var statements = new List<Amazon.Auth.AccessControlPolicy.Statement>();
var actions = new List<ActionIdentifier>();
var resources = new List<Resource>();
var principal = new List<Principal>();
actions.Add(new ActionIdentifier("sts:AssumeRole"));
resources.Add(new Resource("*"));
var statement = new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow)
{
Actions = actions,
Resources = resources
};
statements.Add(statement);
Policy policy = new Policy
{
Version = "2012-10-17",
Statements = statements
};
return policy;
}
}
var roleName=“测试”;
var profileName=“测试”;
var client=新的AmazonIdentityManagementServiceClient(aws_access_key_id、aws_secret_access_key、RegionEndpoint.EUWest1);
Policy policyDoc=GeneratePolicyDocument();
列表标签=新列表{};
添加(新标记{Key=“jobposition”,Value=jobposition});
for(int i=0;i
为了生成策略,我使用了下面的代码:
var roleName = "test";
var profileName = "test";
var client = new AmazonIdentityManagementServiceClient(aws_access_key_id, aws_secret_access_key, RegionEndpoint.EUWest1);
Policy policyDoc = GeneratePolicyDocument();
List<Tag> tags = new List<Tag> { };
tags.Add(new Tag { Key = "jobposition", Value = jobPosition });
for (int i = 0; i < functionalGroups.Count; i++)
{
tags.Add(new Tag { Key = String.Format("functionalarea{0}", i), Value = functionalGroups[i] });
}
try
{
// Create a role with the trust policy
var role = client.CreateRole(new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = policyDoc.ToJson(),
Tags = tags
});
}
catch (Exception e)
{
Console.Write(e);
}
Policy policyDoc1 = GeneratePolicyDocument1();
// Add the access policy to the role
try
{
client.PutRolePolicy(new PutRolePolicyRequest
{
RoleName = roleName,
PolicyName = "testrole2",
PolicyDocument = policyDoc1.ToJson()
});
}
catch (Exception e)
{
Console.Write(e);
}
try
{
// Create an instance profile
client.CreateInstanceProfile(new CreateInstanceProfileRequest
{
InstanceProfileName = profileName
});
}
catch (Exception e)
{
Console.Write(e);
}
try
{
// Add the role to the instance profile
client.AddRoleToInstanceProfile(new AddRoleToInstanceProfileRequest
{
InstanceProfileName = profileName,
RoleName = roleName
});
}
catch (Exception e)
{
Console.Write(e);
}
public Policy GeneratePolicyDocument()
{
var client = new AmazonIdentityManagementServiceClient(aws_access_key_id, aws_secret_access_key, RegionEndpoint.EUWest1);
var statements = new List<Amazon.Auth.AccessControlPolicy.Statement>();
var actions = new List<ActionIdentifier>();
var resources = new List<Resource>();
var principal = new List<Principal>();
actions.Add(new ActionIdentifier("sts:AssumeRole"));
principal.Add(new Principal("123123123123"));
var statement = new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow)
{
Actions = actions,
Principals = principal
};
statements.Add(statement);
Policy policy = new Policy
{
Version = "2012-10-17",
Statements = statements
};
return policy;
}
public Policy GeneratePolicyDocument1()
{
var client = new AmazonIdentityManagementServiceClient(aws_access_key_id, aws_secret_access_key, RegionEndpoint.EUWest1);
var statements = new List<Amazon.Auth.AccessControlPolicy.Statement>();
var actions = new List<ActionIdentifier>();
var resources = new List<Resource>();
var principal = new List<Principal>();
actions.Add(new ActionIdentifier("sts:AssumeRole"));
resources.Add(new Resource("*"));
var statement = new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow)
{
Actions = actions,
Resources = resources
};
statements.Add(statement);
Policy policy = new Policy
{
Version = "2012-10-17",
Statements = statements
};
return policy;
}
}
公共政策生成政策文档()
{
var client=新的AmazonIdentityManagementServiceClient(aws_access_key_id、aws_secret_access_key、RegionEndpoint.EUWest1);
var语句=新列表
我猜我创建实例配置文件的方式不好,但我不知道如何修复它。您是否将InstanceRole附加到实例?此外,在sts:AssumeRole中,主体应该是ec2“principal”:{“Service”:“ec2.amazonaws.com”}
取自。您应该首先尝试通过aws控制台执行,然后通过编程执行。是的,这就是解决方案。“主体”:{“服务”:“ec2.amazonaws.com”}您是否将InstanceRole附加到实例?此外,在sts:AssumeRole中,主体应为ec2“主体”:{“服务”:“ec2.amazonaws.com”}
摘自。您应该首先尝试通过aws控制台执行,然后通过编程执行。是的,这就是解决方案。“主体”:{“服务”:“ec2.amazonaws.com”}