更新到新版本的 boto 库后发生 UnrecognizedClientException
UnrecognizedClientException after updating to new version of boto libraries
更新 boto3 和 botocore 后,调用 CloudTrail 客户端对象的 describe_trails 函数的代码现在出错。
更改的库版本如下:
boto3: 1.9.44 -> 1.14.45
botocore: 1.12.44 -> 1.17.45
def get_region_list():
'''
Get the list of regions covered by CloudTrail from AWS
'''
return boto3.session.Session().get_available_regions(
service_name='cloudtrail',
partition_name='aws',
allow_non_regional=False
)
def generate_cloudtrail_clients(region_list, access_key, secret_key):
'''
Generates client objects that interact with CloudTrail in Amazon AWS.
Each client object corresponds to a different region in region_list
'''
for region in region_list:
yield boto3.client(
'cloudtrail',
aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
region_name=region
)
clients = generate_cloudtrail_clients(get_region_list(), access_key, secret_key)
for client in clients:
print(client.describe_trails())
它给我的错误:
ClientError Traceback (most recent call last)
<ipython-input-31-31c1b228c022> in <module>
30
31 for client in clients:
---> 32 print(client.describe_trails())
/opt/anaconda3/lib/python3.7/site-packages/botocore/client.py in _api_call(self, *args, **kwargs)
314 "%s() only accepts keyword arguments." % py_operation_name)
315 # The "self" in this scope is referring to the BaseClient.
--> 316 return self._make_api_call(operation_name, kwargs)
317
318 _api_call.__name__ = str(py_operation_name)
/opt/anaconda3/lib/python3.7/site-packages/botocore/client.py in _make_api_call(self, operation_name, api_params)
633 error_code = parsed_response.get("Error", {}).get("Code")
634 error_class = self.exceptions.from_code(error_code)
--> 635 raise error_class(parsed_response, operation_name)
636 else:
637 return parsed_response
ClientError: An error occurred (UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid.
根据我查找的有关此错误的信息,如果 access_key、secret_access_key 凭据没有访问相关对象的正确权限,则经常会发生此错误。在这种情况下,我确实拥有正确的权限,因为我可以在旧版本的 boto 库上访问这些对象,并且在附加的权限 JSON.
中很清楚
{
"Effect": "Allow",
"Action": [
"cloudtrail:DescribeTrails"
],
"Resource": "*"
}
知道这里出了什么问题会发生这个错误吗?
错误是由于未启用可选的新区域造成的。
新 boto 库 return 比旧版本更大的可用区域集。如果为禁用的区域之一创建了客户端,然后我们使用该客户端调用 DescribeTrails,我们会收到 UnrecognizedClientException 错误。
更新 boto3 和 botocore 后,调用 CloudTrail 客户端对象的 describe_trails 函数的代码现在出错。
更改的库版本如下:
boto3: 1.9.44 -> 1.14.45
botocore: 1.12.44 -> 1.17.45
def get_region_list():
'''
Get the list of regions covered by CloudTrail from AWS
'''
return boto3.session.Session().get_available_regions(
service_name='cloudtrail',
partition_name='aws',
allow_non_regional=False
)
def generate_cloudtrail_clients(region_list, access_key, secret_key):
'''
Generates client objects that interact with CloudTrail in Amazon AWS.
Each client object corresponds to a different region in region_list
'''
for region in region_list:
yield boto3.client(
'cloudtrail',
aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
region_name=region
)
clients = generate_cloudtrail_clients(get_region_list(), access_key, secret_key)
for client in clients:
print(client.describe_trails())
它给我的错误:
ClientError Traceback (most recent call last)
<ipython-input-31-31c1b228c022> in <module>
30
31 for client in clients:
---> 32 print(client.describe_trails())
/opt/anaconda3/lib/python3.7/site-packages/botocore/client.py in _api_call(self, *args, **kwargs)
314 "%s() only accepts keyword arguments." % py_operation_name)
315 # The "self" in this scope is referring to the BaseClient.
--> 316 return self._make_api_call(operation_name, kwargs)
317
318 _api_call.__name__ = str(py_operation_name)
/opt/anaconda3/lib/python3.7/site-packages/botocore/client.py in _make_api_call(self, operation_name, api_params)
633 error_code = parsed_response.get("Error", {}).get("Code")
634 error_class = self.exceptions.from_code(error_code)
--> 635 raise error_class(parsed_response, operation_name)
636 else:
637 return parsed_response
ClientError: An error occurred (UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid.
根据我查找的有关此错误的信息,如果 access_key、secret_access_key 凭据没有访问相关对象的正确权限,则经常会发生此错误。在这种情况下,我确实拥有正确的权限,因为我可以在旧版本的 boto 库上访问这些对象,并且在附加的权限 JSON.
中很清楚{
"Effect": "Allow",
"Action": [
"cloudtrail:DescribeTrails"
],
"Resource": "*"
}
知道这里出了什么问题会发生这个错误吗?
错误是由于未启用可选的新区域造成的。
新 boto 库 return 比旧版本更大的可用区域集。如果为禁用的区域之一创建了客户端,然后我们使用该客户端调用 DescribeTrails,我们会收到 UnrecognizedClientException 错误。