无法从链中的任何提供商加载 AWS 凭证 Spring Cloud Stream Kinesis 活页夹
Unable to load AWS credentials from any provider in the chain Spring Cloud Stream Kinesis binder
如果不使用系统级别的默认配置,我无法连接到 Spring Cloud Stream Kinesis binder (1.2.0.RELEASE) 中的 AWS kinesis。只有当系统已经配置为使用默认配置文件并且访问密钥 ID 和秘密访问密钥设置为 [默认] 配置文件时,应用程序才能运行。否则,它无法通过抛出此异常来连接到 AWS 资源:
Caused by: com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@3b2c8bda: Unable to load credentials from service endpoint, com.amazonaws.auth.profile.ProfileCredentialsProvider@688d619c: No AWS profile named 'default']
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:136)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1225)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:801)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:751)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:744)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:726)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access0(AmazonHttpClient.java:686)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:668)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:532)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:512)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.doInvoke(AmazonDynamoDBClient.java:3768)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(AmazonDynamoDBClient.java:3737)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.executeDescribeTable(AmazonDynamoDBClient.java:1836)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.describeTable(AmazonDynamoDBClient.java:1804)
at com.amazonaws.services.dynamodbv2.document.Table.describe(Table.java:137)
at org.springframework.integration.aws.metadata.DynamoDbMetadataStore.afterPropertiesSet(DynamoDbMetadataStore.java:145)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1837)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1774)
我尝试了以下选项,none 对我有用:
- 设置环境变量
AWS_ACCESS_KEY_ID和AWS_SECRET_ACCESS_KEY
- 设置Java系统属性
aws.accessKeyId和aws.secretKey
- 在
application.yml 文件中设置 cloud.aws.credentials.accessKey 和 cloud.aws.credentials.secretKey。
我解决了这个问题。
我认为 spring-cloud-starter-aws 无法自动配置。
所以我像这样以编程方式设置访问密钥和秘密密钥:
@Configuration
class AWSS3Configuration {
@Value("${cloud.aws.credentials.access-key}")
val accessKey: String = ""
@Value("${cloud.aws.credentials.secret-key}")
val secretKey: String = ""
@Bean
fun amazonS3(): AmazonS3 =
AmazonS3ClientBuilder.standard()
.withCredentials(AWSStaticCredentialsProvider(BasicAWSCredentials(accessKey, secretKey)))
.build()
}
似乎由于某种原因,AWSCredentialProvider bean 加载不正确,所以我可以通过设置以下 bean 来临时解决这个问题。这不是一个正确的修复,但它确实解除了我的工作障碍:
@Configuration
public class AWSCredentialProvider {
@Value("${aws.access-key}")
protected String accessKey;
@Value("${aws.secret-key}")
protected String secretKey;
@Bean
@Primary
public AWSCredentialsProvider buildAWSCredentialsProvider() {
AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
return new AWSStaticCredentialsProvider(awsCredentials);
}
}
这简直让我抓狂。通过AWS代码仔细追查,发现如果设置系统属性
cloud.aws.credentials.use-default-aws-credentials-chain: true
切换到DefaultAWSCredentialsProviderChain。否则,它使用两个提供者的链 - EC2ContainerCredentialsProviderWrapper 和 ProfileCredentialsProvider.
这适用于 Spring Boot 2.3.4。对于版本 2.2.5,系统 属性 是
cloud.aws.credentials.useDefaultAwsCredentialsChain: true
我没研究过是什么版本改成kebab case的。否则,它将忽略在环境变量或系统属性中传递的凭据。此代码位于 ContextCredentialsAutoConfiguration.registerBeanDefinitions().
设置instance-profile: true 在 ECS 环境中对我有用。
cloud:
aws:
credentials:
instance-profile: true
如果不使用系统级别的默认配置,我无法连接到 Spring Cloud Stream Kinesis binder (1.2.0.RELEASE) 中的 AWS kinesis。只有当系统已经配置为使用默认配置文件并且访问密钥 ID 和秘密访问密钥设置为 [默认] 配置文件时,应用程序才能运行。否则,它无法通过抛出此异常来连接到 AWS 资源:
Caused by: com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@3b2c8bda: Unable to load credentials from service endpoint, com.amazonaws.auth.profile.ProfileCredentialsProvider@688d619c: No AWS profile named 'default']
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:136)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1225)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:801)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:751)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:744)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:726)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access0(AmazonHttpClient.java:686)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:668)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:532)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:512)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.doInvoke(AmazonDynamoDBClient.java:3768)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(AmazonDynamoDBClient.java:3737)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.executeDescribeTable(AmazonDynamoDBClient.java:1836)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.describeTable(AmazonDynamoDBClient.java:1804)
at com.amazonaws.services.dynamodbv2.document.Table.describe(Table.java:137)
at org.springframework.integration.aws.metadata.DynamoDbMetadataStore.afterPropertiesSet(DynamoDbMetadataStore.java:145)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1837)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1774)
我尝试了以下选项,none 对我有用:
- 设置环境变量
AWS_ACCESS_KEY_ID和AWS_SECRET_ACCESS_KEY - 设置Java系统属性
aws.accessKeyId和aws.secretKey - 在
application.yml文件中设置cloud.aws.credentials.accessKey和cloud.aws.credentials.secretKey。
我解决了这个问题。
我认为 spring-cloud-starter-aws 无法自动配置。
所以我像这样以编程方式设置访问密钥和秘密密钥:
@Configuration
class AWSS3Configuration {
@Value("${cloud.aws.credentials.access-key}")
val accessKey: String = ""
@Value("${cloud.aws.credentials.secret-key}")
val secretKey: String = ""
@Bean
fun amazonS3(): AmazonS3 =
AmazonS3ClientBuilder.standard()
.withCredentials(AWSStaticCredentialsProvider(BasicAWSCredentials(accessKey, secretKey)))
.build()
}
似乎由于某种原因,AWSCredentialProvider bean 加载不正确,所以我可以通过设置以下 bean 来临时解决这个问题。这不是一个正确的修复,但它确实解除了我的工作障碍:
@Configuration
public class AWSCredentialProvider {
@Value("${aws.access-key}")
protected String accessKey;
@Value("${aws.secret-key}")
protected String secretKey;
@Bean
@Primary
public AWSCredentialsProvider buildAWSCredentialsProvider() {
AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
return new AWSStaticCredentialsProvider(awsCredentials);
}
}
这简直让我抓狂。通过AWS代码仔细追查,发现如果设置系统属性
cloud.aws.credentials.use-default-aws-credentials-chain: true
切换到DefaultAWSCredentialsProviderChain。否则,它使用两个提供者的链 - EC2ContainerCredentialsProviderWrapper 和 ProfileCredentialsProvider.
这适用于 Spring Boot 2.3.4。对于版本 2.2.5,系统 属性 是
cloud.aws.credentials.useDefaultAwsCredentialsChain: true
我没研究过是什么版本改成kebab case的。否则,它将忽略在环境变量或系统属性中传递的凭据。此代码位于 ContextCredentialsAutoConfiguration.registerBeanDefinitions().
设置instance-profile: true 在 ECS 环境中对我有用。
cloud:
aws:
credentials:
instance-profile: true