Java: problem pulling from Kinesis on EC2

Tags: java, amazon-ec2, amazon-kinesis

I have some Java code that pulls records from Kinesis. It runs fine on my laptop (regardless of IP), but when I try to run it on EC2 I get the following error:

Exception in thread "main" com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain
  at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:131)
  at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1119)
  at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:759)
  at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:723)
  at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
  at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
  at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
  at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
  at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
  at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1271)
  at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1247)
  at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:454)
  at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:431)
The code it seems to be unhappy about:

import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;

// No credentials are passed in, so the client falls back to the default provider chain
AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient();

AssumeRoleResult assumeRoleResult = sts.assumeRole(new AssumeRoleRequest()
            .withRoleArn(config.getString("kinesis/arn"))
            .withExternalId(config.getString("kinesis/external_id"))
            .withRoleSessionName(config.getString("kinesis/role_session_name")));
I'm wondering whether this has something to do with how the EC2 instance was built. But the fact that it runs fine in my debugger confuses me.

I checked to make sure the various config values are being passed through correctly.

Per @prayagupd I've updated the EC2 instance to include this policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kinesis:Get*",
        "kinesis:List*",
        "kinesis:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
The error is now:

Exception in thread "main" com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: 
User: arn:aws:sts::12345:assumed-role/kinesis-consumer/i-cab01a5 
is not authorized to perform: 
sts:AssumeRole on resource: arn:aws:iam::12345:role/kinesis-consumer 

From your EC2 instance you need to authenticate via your server.

I use the following code, which connects to Kinesis via the property AwsProfileNameLoader.AWS_PROFILE_SYSTEM_PROPERTY used locally (~/.aws/credentials); for me ~/.aws/credentials is temporary.

So inside EC2 I use DefaultAWSCredentialsProviderChain, which actually looks up the EC2 instance profile.

You can still put credentials into ~/.aws/credentials and use the same code.

import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.profile.internal.AwsProfileNameLoader;

/**
 * provides credentials for a client to make connection to the elastic cloud instance
 *
 * @return DefaultAWSCredentialsProviderChain
 */
private DefaultAWSCredentialsProviderChain getAuthProfileCredentials() {
    // Only pin a named profile when one is configured; otherwise the chain falls
    // through to environment variables, system properties and the instance profile
    if (myAppConfig.getProperty("authentication.profile") != null) {
        System.setProperty(AwsProfileNameLoader.AWS_PROFILE_SYSTEM_PROPERTY, myAppConfig.getProperty("authentication.profile"));
    }
    return new DefaultAWSCredentialsProviderChain();
}
Your EC2 instance profile needs to have the following trust relationship

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

and the role's policy should be something like

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kinesis:*"
            ],
            "Resource": [
                "arn:aws:kinesis:us-west-2:*:stream/*"
            ]
        }
    ]
}
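Wiring the answer's pieces together in one program, as an added example that is not code from the question or the answer (it uses the same AWS SDK for Java v1 packages the page does): it resolves the instance-profile credentials through DefaultAWSCredentialsProviderChain, prints the caller identity so you can see exactly which principal the target role has to trust, then assumes the Kinesis role with the external id through a self-refreshing provider and lists streams with the assumed credentials only. The role ARN, external id, session name, region and the class name KinesisAssumeRoleExample are placeholders and assumptions, not values from the page.

```java
// Added example, not the question's or answer's code. Role ARN, external id,
// session name and region are placeholders to be replaced with the stream
// owner's values.
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.kinesis.AmazonKinesis;
import com.amazonaws.services.kinesis.AmazonKinesisClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;

public class KinesisAssumeRoleExample {

    public static void main(String[] args) {
        // Placeholders (assumptions), not values from the page
        String roleArn = "arn:aws:iam::111111111111:role/REPLACE_ME";
        String externalId = "REPLACE_ME";
        String sessionName = "kinesis-consumer-session";
        Regions region = Regions.US_WEST_2;

        // 1. Base credentials. On EC2 the chain tries environment variables, Java
        //    system properties and ~/.aws/credentials, then ends at the instance
        //    profile, so nothing long-lived has to live on the box.
        AWSCredentialsProvider base = new DefaultAWSCredentialsProviderChain();

        // 2. STS client bound to the base credentials. Before assuming anything,
        //    log who we are: this ARN is the principal that needs sts:AssumeRole on
        //    the target role and that the target role's trust policy must name.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(base)
                .withRegion(region)
                .build();
        String callerArn = sts.getCallerIdentity(new GetCallerIdentityRequest()).getArn();
        System.out.println("Running as: " + callerArn);

        // 3. AssumeRole with the external id, wrapped in a provider that renews the
        //    temporary credentials before they expire. 900 s is the shortest
        //    session STS allows; keep it short so a leaked token is worth little.
        STSAssumeRoleSessionCredentialsProvider assumed =
                new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, sessionName)
                        .withExternalId(externalId)
                        .withStsClient(sts)
                        .withRoleSessionDurationSeconds(900)
                        .build();

        try {
            // 4. Kinesis client that uses only the assumed role's short-lived
            //    credentials, never the instance role's.
            AmazonKinesis kinesis = AmazonKinesisClientBuilder.standard()
                    .withCredentials(assumed)
                    .withRegion(region)
                    .build();
            System.out.println("Streams visible to the assumed role: "
                    + kinesis.listStreams().getStreamNames());
        } finally {
            // Stops the background refresh thread
            assumed.close();
        }
    }
}
```

The "Running as:" line is the check to read first: on EC2 it prints an arn:aws:sts::...:assumed-role/<instance-role>/<instance-id> ARN, the same kind of principal the second error on the page names. That principal needs a permissions-policy statement allowing sts:AssumeRole on the target role's ARN (the kinesis:* policy from the answer grants Kinesis actions, not sts:AssumeRole), and the target role's trust policy must list it, or its account, as a Principal, with a sts:ExternalId condition when the stream owner hands out an external id. On a laptop the same line shows the IAM user or profile whose long-lived keys are doing the work, which is usually why code "works in the IDE" and fails on the instance.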

Then you can verify Kinesis access from the EC2 machine with the following commands (the aws cli should already be installed):

aws kinesis create-stream --stream-name gregor-samsa-ping --shard-count 1 --region us-west-2

aws kinesis list-streams --region us-west-2
{
    "StreamNames": [
        "gregor-samsa-ping"
    ]
}

AWS by default looks for credentials in the order listed here (the credentials chain). Did you actually set the credentials as described there? What is the config object, and how did you create it?

I still don't understand why my code runs on the dev laptop but not on EC2.

Are you using ~/.aws/credentials locally, and has the token expired?

The credentials in question aren't mine; they were provided by the owner of the Kinesis instance. Why do they work in the IDE but not on EC2?

Saw your updated answer. Now the role you assigned to the EC2 instance doesn't seem to work, but at least it skipped looking up ~/.aws/credentials. Refer to my example. Can you also check this on the role?

@ethrbunny please hold on. If your EC2 machine is Amazon Linux, can you check aws kinesis list-streams? (I believe Amazon Linux has the aws cli installed.) If you haven't assigned the proper role to that EC2 machine, it will fail. So if you fix that, your code should work too.