如果我的问题很基本,请原谅我,但我是 AWS 的新手。我正在使用 Java 创建一个 lambda 函数,该函数可以承担另一个 AWS 账户的角色。我在另一个账户上创建了角色,在这个账户上创建了角色来承担该角色,并将该角色附加到我的 lambda 函数。(我已经使用用 Javascript 编写的 Lambda 函数测试了这些角色并且可以正常工作,因此应该正确设置它们)。
在我的 lambda 函数的代码中,我试图承担这个角色,以便我可以从另一个帐户访问某些服务。但是,如错误消息中所示,我收到“配置文件不能为空”,我不确定这意味着什么。
public String handleRequest(Map<String,String> event, Context context)
{
String clientRegion = "us-east-1";
String roleARN = "ARN_OF_ROLE_ON_THIS_ACC";
String roleSessionName = "session";
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(new ProfileCredentialsProvider())
.withRegion(clientRegion)
.build();
AssumeRoleRequest roleRequest = new AssumeRoleRequest()
.withRoleArn(roleARN)
.withRoleSessionName(roleSessionName);
//The line below causes the error
AssumeRoleResult roleResponse = stsClient.assumeRole(roleRequest);
Credentials sessionCredentials = roleResponse.getCredentials();
BasicSessionCredentials awsCredentials = new BasicSessionCredentials(
sessionCredentials.getAccessKeyId(),
sessionCredentials.getSecretAccessKey(),
sessionCredentials.getSessionToken());
//do other stuff here
}
错误信息:
"errorMessage": "profile file cannot be null",
"errorType": "java.lang.IllegalArgumentException",
"stackTrace": [
"com.amazonaws.util.ValidationUtils.assertNotNull(ValidationUtils.java:37)",
"com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:142)",
"com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:133)",
"com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:100)",
"com.amazonaws.auth.profile.ProfileCredentialsProvider.getCredentials(ProfileCredentialsProvider.java:135)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1257)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:833)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:783)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)",
"com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)",
"com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)",
"com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1728)",
"com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1695)",
"com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1684)",
"com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:488)",
"com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:457)",
"com.amazon.amazonstoresadminportallambda.handlers.TestHandler.handleRequest(TestHandler.java:80)",
"sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
"sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
"java.lang.reflect.Method.invoke(Method.java:498)"
]
}
谁能帮我这个?提前致谢!
您的 Lambda 函数代码尝试从其环境中读取凭证。为此,它使用ProfileCredentialsProvider显然假定存在~/.aws/credentials不存在的文件。
尝试DefaultAWSCredentialsProviderChain,它应该从更多位置(环境变量、凭证文件、EC2 IAM 角色、Lambda IAM 角色等)读取凭证:
AWSSecurityTokenService stsClient =
AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(new DefaultAWSCredentialsProviderChain())
.withRegion(clientRegion)
.build();
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句