如何使用java在具有IAM角色的ec2实例上访问dynamodb而无需访问凭据
我想使用Java访问Ec2实例上的Dynamodb。 此Ec2实例已被授予IAM角色,我可以使用aws CLI:aws Dynamodb list table直接访问Dynamodb。 现在我尝试通过Java访问Dynamodb。Java代码应该能够承担角色,但它不起作用如何使用java在具有IAM角色的ec2实例上访问dynamodb而无需访问凭据,java,amazon-dynamodb,amazon-iam,role,Java,Amazon Dynamodb,Amazon Iam,Role,我想使用Java访问Ec2实例上的Dynamodb。 此Ec2实例已被授予IAM角色,我可以使用aws CLI:aws Dynamodb list table直接访问Dynamodb。 现在我尝试通过Java访问Dynamodb。Java代码应该能够承担角色,但它不起作用 public static void main(String[] args) throws Exception { String ROLE_ARN = "arn:aws:iam::...."; AWSSec
public static void main(String[] args) throws Exception {
String ROLE_ARN = "arn:aws:iam::....";
AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient();
AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
.withRoleArn(ROLE_ARN)
.withDurationSeconds(3600)
.withRoleSessionName("demo");
AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest);
BasicSessionCredentials temporaryCredentials = new BasicSessionCredentials(
assumeResult.getCredentials().getAccessKeyId(),
assumeResult.getCredentials().getSecretAccessKey(),
assumeResult.getCredentials().getSessionToken());
AmazonDynamoDBClient client = new AmazonDynamoDBClient(temporaryCredentials)
DynamoDB dynamoDB = new DynamoDB(client);
TableCollection<ListTablesResult> tables = dynamoDB.listTables();
Iterator<Table> iterator_t = tables.iterator();
System.out.println("Listing table names");
while (iterator_t.hasNext()) {
Table table = iterator_t.next();
System.out.println(table.getTableName());
}
}
有人知道如何解决这个问题吗?
谢谢。当我完成这项工作时,我从未对这个角色做过任何特别的事情——事实上,我不知道我在使用什么角色。我用的是:
AWSCredentialsProviderChain credentialsProvider;
try {
credentialsProvider = new DefaultAWSCredentialsProviderChain();
}
catch (Exception e) {
throw new RuntimeException("Error loading credentials", e);
}
AmazonDynamoDBClient client = new AmazonDynamoDBClient(credentialsProvider);
使用默认提供程序的优点是,如果我在本地使用~/.aws/凭证进行开发,则使用默认提供程序。如果我在EC2上使用IAM凭据,那么它将被使用。经过长时间的探索,最终找到了以下解决方案
AWSCredentialsProvider provider = new InstanceProfileCredentialsProvider();
AWSCredentials credential = provider.getCredentials();
AmazonDynamoDBClient client = new AmazonDynamoDBClient(credential);
client.setRegion(Region.getRegion(Regions.US_WEST_2));
DynamoDB dynamoDB = new DynamoDB(client);
TableCollection<ListTablesResult> tables = dynamoDB.listTables();
AWSCredentialsProvider=新InstanceProfileCredentialsProvider();
AWSCredentials credentials=provider.getCredentials();
AmazonDynamoDBClient=新的AmazonDynamoDBClient(凭证);
client.setRegion(Region.getRegion(Regions.US_-WEST_2));
DynamoDB DynamoDB=新DynamoDB(客户);
TableCollection tables=dynamoDB.listTables();
此外,还需要正确配置pom.xml中的依赖项以避免冲突,例如,
亚马逊网站
aws java sdk
1.11.72
org.apache.httpcomponents
httpclient
4.5.2
com.fasterxml.jackson.core
杰克逊数据绑定
2.8.5
com.fasterxml.jackson.dataformat
jackson数据格式cbor
2.8.5
感谢您的发帖,stdunbar。对于2019+年阅读此答案的人:构造函数新InstanceProfileCredentialsProvider()
是,您应该使用InstanceProfileCredentialsProvider.getInstance()
。
AWSCredentialsProvider provider = new InstanceProfileCredentialsProvider();
AWSCredentials credential = provider.getCredentials();
AmazonDynamoDBClient client = new AmazonDynamoDBClient(credential);
client.setRegion(Region.getRegion(Regions.US_WEST_2));
DynamoDB dynamoDB = new DynamoDB(client);
TableCollection<ListTablesResult> tables = dynamoDB.listTables();
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.8.5</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-cbor -->
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-cbor</artifactId>
<version>2.8.5</version>
</dependency>