即使存在IAM~java sdk,配置文件也不能为空错误AWS
我在ec2实例上有一个角色,该角色对另一个角色具有“假定角色”权限。我已设置了信任关系,因此不应成为问题。我有以下代码来获取IAM凭据:即使存在IAM~java sdk,配置文件也不能为空错误AWS,java,amazon-web-services,aws-sdk,amazon-iam,aws-sts,Java,Amazon Web Services,Aws Sdk,Amazon Iam,Aws Sts,我在ec2实例上有一个角色,该角色对另一个角色具有“假定角色”权限。我已设置了信任关系,因此不应成为问题。我有以下代码来获取IAM凭据: public class AwsCredentialsHelper { private static final String ROLE_ARN_PROPERTY = "aws.role.arn"; private static final Logger logger = LogManager.getLogger("InfraLogger")
public class AwsCredentialsHelper {
private static final String ROLE_ARN_PROPERTY = "aws.role.arn";
private static final Logger logger = LogManager.getLogger("InfraLogger");
private AwsCredentialsHelper() {
}
public static AWSCredentialsProvider getCredentialsProvider(String clientId, AWSCredentialsProvider defaultProvider) {
String roleArn = getRoleArnProperty();
if (roleArn != null) {
if (logger.isDebugEnabled()) {
logger.debug("Using assume role credentials provider for role {}", roleArn);
}
return new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, clientId).build();
} else {
if (logger.isDebugEnabled()) {
logger.debug("Using default credentials provider");
}
return defaultProvider;
}
}
这对我来说是失败的:
18:59:47.516 [kpl-daemon-0000] DEBUG com.amazonaws.auth.AWSCredentialsProviderChain - Unable to load credentials from EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY))
18:59:47.516 [kpl-daemon-0000] DEBUG com.amazonaws.auth.AWSCredentialsProviderChain - Unable to load credentials from SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey)
18:59:47.516 [main] DEBUG org.springframework.jmx.export.annotation.AnnotationMBeanExporter - Unregistering JMX-exposed beans
18:59:47.523 [kpl-daemon-0000] DEBUG com.amazonaws.auth.AWSCredentialsProviderChain - Unable to load credentials from com.amazonaws.auth.profile.ProfileCredentialsProvider@c745363: profile file cannot be null
它看起来是在看前三个地方,但从来没有经过下一个地方(包括iam角色)。我们显然没有凭据文件设置。相同的代码在不同的设置中对我起作用,因此我不知道我是否正确执行了此操作?您在哪里运行此代码?在已分配角色的ec2实例上,或在其他计算机上?在已分配角色的ec2上。