AWS Java SDK cannot find the profile when using AWS SSO

I can't access AWS when logging in with AWS SSO. I log in from my computer using:

aws sso login --profile staging

The profile is configured as follows:

[profile staging]
sso_start_url = https://som-nice-working-url
sso_region = us-east-1
sso_account_id = 1234
sso_role_name = the-role-name
region = eu-west-1
output = yaml

After logging in, I can access AWS through the aws cli.

Then I set the variable AWS_PROFILE=staging, but in Java I get the following exception:

com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: You must specify a value for roleArn and roleSessionName, com.amazonaws.auth.profile.ProfileCredentialsProvider@369a95a5: No AWS profile named 'staging', com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@6d6f6ca9: Failed to connect to service endpoint: ]

I have tried using ProfileCredentialsProvider with "staging", but the result is the same.

What CredentialsProvider should I use?

My code is using the DefaultProviderChain:

AWSGlueClient.builder()
            .withRegion("eu-west-1")
            .build()

Thanks.


Answer 1

For a Java application, you will need the SSO dependency.

As of writing, the latest version is 2.16.76.

// Gradle example
dependencies {
    
    implementation(platform("software.amazon.awssdk:bom:2.16.70"))
    implementation("software.amazon.awssdk:sso:2.16.76")
}

You will also need to set a default profile in ~/.aws/configuration or ~/.aws/credentials

More information here:

https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials.html
https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/setup.html#setup-credentials
https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/setup-additional.html#setup-additional-credentials

However, you should also be able to set the AWS_PROFILE environment variable to your profile, and it should magically work without the SSO dependency.

In your example, specifically:

AWS_PROFILE=staging

Answer 2

In my case, just adding the aws-sso dependency:

    <dependency>
       <groupId>software.amazon.awssdk</groupId>
       <artifactId>sso</artifactId>
    </dependency>

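allows the default credentials provider chain to pick up SSO under the ProfileCredentialsProvider:

[Image: Profile credentials provider with sso profile]

For this to work out of the box, you need to specify a [default] profile. Otherwise, just using .credentialsProvider(ProfileCredentialsProvider.create("xyz")) also works with [profile xyz].

If all else fails, add the credentials provider manually:

  1. Set up a profile in .aws/config
  2. Log in using the cli: aws sso login --profile <your_profile>
  3. A json file is generated in .aws/sso/cache with contents as described here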
{
 "startUrl": "https://my-sso-portal.awsapps.com/start",
 "region": "us-east-1",
 "accessToken": "eyJlbmMiOiJBM….",
 "expiresAt": "2020-06-17T10:02:08UTC"
}
  4. Include a dependency on software.amazon.awssdk:sso in your project
  5. Create an SsoCredentialsProvider using the data from the json file:
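import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sso.SsoClient;
import software.amazon.awssdk.services.sso.auth.SsoCredentialsProvider;
import software.amazon.awssdk.services.sso.model.GetRoleCredentialsRequest;

AwsCredentialsProvider ssoCredentialsProvider = ((SsoCredentialsProvider.Builder) SsoCredentialsProvider.builder())
    .ssoClient(SsoClient.builder().region(Region.of("<REGION_FROM_JSON>")).build())
    // The supplier is invoked whenever the role credentials are refreshed.
    .refreshRequest(() ->
        GetRoleCredentialsRequest.builder()
            .roleName("<ROLE_FROM_PROFILE>")
            .accountId("<ACCOUNT_ID_FROM_PROFILE>")
            .accessToken("<ACCESS_TOKEN_FROM_JSON>")
            .build()
    ).build();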
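
Steps 3 to 5 of the manual procedure above, carried through in one class as an added example (not code from either answer): it locates the cached token file, refuses an expired token, and builds the provider from the cached values. The class and method names are hypothetical, the regex field extraction stands in for a JSON parser, and the cache file name (SHA-1 of sso_start_url) is an assumption about how the AWS CLI names the file.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.regex.*;
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sso.SsoClient;
import software.amazon.awssdk.services.sso.auth.SsoCredentialsProvider;
import software.amazon.awssdk.services.sso.model.GetRoleCredentialsRequest;

public class SsoCacheProvider {
    // Pulls one string field out of the flat cache JSON (hypothetical helper).
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        if (!m.find()) throw new IllegalStateException("missing field " + name);
        return m.group(1);
    }

    // Assumption: the CLI names the cache file after the SHA-1 hex digest of sso_start_url.
    static Path cacheFile(String startUrl) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(startUrl.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : d) hex.append(String.format("%02x", b));
        return Paths.get(System.getProperty("user.home"), ".aws", "sso", "cache", hex + ".json");
    }

    static AwsCredentialsProvider fromCache(String startUrl, String accountId, String roleName)
            throws IOException, NoSuchAlgorithmException {
        String json = new String(Files.readAllBytes(cacheFile(startUrl)), StandardCharsets.UTF_8);
        // expiresAt may end in "UTC" (as in the sample above) or "Z"; normalise before parsing.
        Instant expiresAt = Instant.parse(field(json, "expiresAt").replace("UTC", "Z"));
        if (Instant.now().isAfter(expiresAt)) {
            throw new IllegalStateException("SSO token expired; run aws sso login --profile <your_profile>");
        }
        String token = field(json, "accessToken");
        return ((SsoCredentialsProvider.Builder) SsoCredentialsProvider.builder())
            .ssoClient(SsoClient.builder().region(Region.of(field(json, "region")))
                .credentialsProvider(AnonymousCredentialsProvider.create()).build())
            .refreshRequest(() -> GetRoleCredentialsRequest.builder()
                .roleName(roleName).accountId(accountId).accessToken(token).build())
            .build();
    }
}
```

Pass the profile's sso_start_url, sso_account_id and sso_role_name to fromCache, then hand the result to an SDK v2 client builder via .credentialsProvider(...).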
