无法验证 PreSignedUrl。 (服务:AmazonRDS;状态代码:400;错误代码-将 RDS 快照复制到不同区域时
PreSignedUrl could not be authenticated. (Service: AmazonRDS; Status Code: 400; Error Code - while copy RDS Snapshot to different region
我有一个 lambda 函数,可以将 RDS 快照从 Eu-West-3 复制到 Eu-Central-1 区域。
这是我的代码:
public class CopySnapshot implements RequestHandler<String, String> {
public String handleRequest(String input, Context context) {
AmazonRDS client = AmazonRDSClientBuilder.standard().build();
DescribeDBSnapshotsRequest request = new DescribeDBSnapshotsRequest()
.withDBInstanceIdentifier(System.getenv("DB_IDENTIFIER"))
.withSnapshotType(System.getenv("SNAPSHOT_TYPE"))
.withIncludeShared(true)
.withIncludePublic(false);
DescribeDBSnapshotsResult response = client.describeDBSnapshots(request);
System.out.println("Found the snapshot "+response);
// Get the latest snapshot
List<DBSnapshot> list = response.getDBSnapshots();
if(list.size() > 0)
{
DBSnapshot d = list.get(list.size()-1);
String snapshotArn=d.getDBSnapshotArn();
System.out.println(snapshotArn);
AmazonRDS client_dr_region = AmazonRDSClientBuilder
.standard()
.withRegion(Regions.EU_CENTRAL_1)
.build();
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yy-MM-dd-HH-mm");
CopyDBSnapshotRequest copyDbSnapshotRequest = new CopyDBSnapshotRequest()
.withSourceDBSnapshotIdentifier(snapshotArn)
.withSourceRegion("eu-west-3")
.withKmsKeyId(System.getenv("OTHER_KMS_KEY_ID"))
.withTargetDBSnapshotIdentifier("dr-snapshot-copy"+"-"+simpleDateFormat.format(new Date()));
DBSnapshot response_snapshot_copy = client_dr_region
.copyDBSnapshot(copyDbSnapshotRequest)
.withKmsKeyId(System.getenv("OTHER_KMS_KEY_ID"))
.withSourceRegion("eu-west-3");
System.out.println("Snapshot request submitted successfully "+response_snapshot_copy);
return "Snapshot copy request successfully submitted";
}
else
return "No Snapshot found";
}
}
执行代码时显示以下错误:
{
"errorMessage": "PreSignedUrl could not be authenticated. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 7f794176-a21f-448e-acb6-8a5832925cab)",
"errorType": "com.amazonaws.services.rds.model.AmazonRDSException",
"stackTrace": [
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1726)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1381)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1127)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:784)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:745)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:726)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.access0(AmazonHttpClient.java:686)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:668)",
"com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:532)",
"com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:512)",
"com.amazonaws.services.rds.AmazonRDSClient.doInvoke(AmazonRDSClient.java:9286)",
"com.amazonaws.services.rds.AmazonRDSClient.invoke(AmazonRDSClient.java:9253)",
"com.amazonaws.services.rds.AmazonRDSClient.invoke(AmazonRDSClient.java:9242)",
"com.amazonaws.services.rds.AmazonRDSClient.executeCopyDBSnapshot(AmazonRDSClient.java:1262)",
"com.amazonaws.services.rds.AmazonRDSClient.copyDBSnapshot(AmazonRDSClient.java:1234)",
"fr.aws.rds.CopySnapshot.handleRequest(CopySnapshot.java:59)",
"fr.aws.rds.CopySnapshot.handleRequest(CopySnapshot.java:19)"
]
}
我正在从环境变量中获取 EU-Central-1 的 KMS ID,它是复制快照的目标区域。
lambda 在 KMS 上拥有完全权限(用于试用),但它不起作用。
向特定的 lambda 角色添加了一个内联策略,使用密钥描述、创建授权(提到了完整的 ARN),但仍然显示相同的错误。
密钥已启用但不确定为什么会出现此错误。
非常感谢您的宝贵反馈。
我已经解决了这个问题,添加了一个属性 - sourceregion。
CopyDBSnapshotRequest copyDbSnapshotRequest = new CopyDBSnapshotRequest()
.withSourceDBSnapshotIdentifier(snapshotArn)
.withSourceRegion(System.getenv("SOURCE_REGION"))
.withKmsKeyId(System.getenv("OTHER_KMS_KEY_ID"))
.withTargetDBSnapshotIdentifier("dr-snapshot-copy"+"-"+simpleDateFormat.format(new Date()));
DBSnapshot response_snapshot_copy = client_dr_region
.copyDBSnapshot(copyDbSnapshotRequest)
.withKmsKeyId(System.getenv("OTHER_KMS_KEY_ID"))
.withSourceRegion(System.getenv("SOURCE_REGION"));
瞧,它起作用了
我有一个 lambda 函数,可以将 RDS 快照从 Eu-West-3 复制到 Eu-Central-1 区域。
这是我的代码:
public class CopySnapshot implements RequestHandler<String, String> {
public String handleRequest(String input, Context context) {
AmazonRDS client = AmazonRDSClientBuilder.standard().build();
DescribeDBSnapshotsRequest request = new DescribeDBSnapshotsRequest()
.withDBInstanceIdentifier(System.getenv("DB_IDENTIFIER"))
.withSnapshotType(System.getenv("SNAPSHOT_TYPE"))
.withIncludeShared(true)
.withIncludePublic(false);
DescribeDBSnapshotsResult response = client.describeDBSnapshots(request);
System.out.println("Found the snapshot "+response);
// Get the latest snapshot
List<DBSnapshot> list = response.getDBSnapshots();
if(list.size() > 0)
{
DBSnapshot d = list.get(list.size()-1);
String snapshotArn=d.getDBSnapshotArn();
System.out.println(snapshotArn);
AmazonRDS client_dr_region = AmazonRDSClientBuilder
.standard()
.withRegion(Regions.EU_CENTRAL_1)
.build();
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yy-MM-dd-HH-mm");
CopyDBSnapshotRequest copyDbSnapshotRequest = new CopyDBSnapshotRequest()
.withSourceDBSnapshotIdentifier(snapshotArn)
.withSourceRegion("eu-west-3")
.withKmsKeyId(System.getenv("OTHER_KMS_KEY_ID"))
.withTargetDBSnapshotIdentifier("dr-snapshot-copy"+"-"+simpleDateFormat.format(new Date()));
DBSnapshot response_snapshot_copy = client_dr_region
.copyDBSnapshot(copyDbSnapshotRequest)
.withKmsKeyId(System.getenv("OTHER_KMS_KEY_ID"))
.withSourceRegion("eu-west-3");
System.out.println("Snapshot request submitted successfully "+response_snapshot_copy);
return "Snapshot copy request successfully submitted";
}
else
return "No Snapshot found";
}
}
执行代码时显示以下错误:
{
"errorMessage": "PreSignedUrl could not be authenticated. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 7f794176-a21f-448e-acb6-8a5832925cab)",
"errorType": "com.amazonaws.services.rds.model.AmazonRDSException",
"stackTrace": [
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1726)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1381)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1127)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:784)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:745)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:726)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutor.access0(AmazonHttpClient.java:686)",
"com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:668)",
"com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:532)",
"com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:512)",
"com.amazonaws.services.rds.AmazonRDSClient.doInvoke(AmazonRDSClient.java:9286)",
"com.amazonaws.services.rds.AmazonRDSClient.invoke(AmazonRDSClient.java:9253)",
"com.amazonaws.services.rds.AmazonRDSClient.invoke(AmazonRDSClient.java:9242)",
"com.amazonaws.services.rds.AmazonRDSClient.executeCopyDBSnapshot(AmazonRDSClient.java:1262)",
"com.amazonaws.services.rds.AmazonRDSClient.copyDBSnapshot(AmazonRDSClient.java:1234)",
"fr.aws.rds.CopySnapshot.handleRequest(CopySnapshot.java:59)",
"fr.aws.rds.CopySnapshot.handleRequest(CopySnapshot.java:19)"
]
}
我正在从环境变量中获取 EU-Central-1 的 KMS ID,它是复制快照的目标区域。
lambda 在 KMS 上拥有完全权限(用于试用),但它不起作用。 向特定的 lambda 角色添加了一个内联策略,使用密钥描述、创建授权(提到了完整的 ARN),但仍然显示相同的错误。 密钥已启用但不确定为什么会出现此错误。
非常感谢您的宝贵反馈。
我已经解决了这个问题,添加了一个属性 - sourceregion。
CopyDBSnapshotRequest copyDbSnapshotRequest = new CopyDBSnapshotRequest()
.withSourceDBSnapshotIdentifier(snapshotArn)
.withSourceRegion(System.getenv("SOURCE_REGION"))
.withKmsKeyId(System.getenv("OTHER_KMS_KEY_ID"))
.withTargetDBSnapshotIdentifier("dr-snapshot-copy"+"-"+simpleDateFormat.format(new Date()));
DBSnapshot response_snapshot_copy = client_dr_region
.copyDBSnapshot(copyDbSnapshotRequest)
.withKmsKeyId(System.getenv("OTHER_KMS_KEY_ID"))
.withSourceRegion(System.getenv("SOURCE_REGION"));
瞧,它起作用了