更新到新版本的 boto 库后发生 UnrecognizedClientException

UnrecognizedClientException after updating to new version of boto libraries

更新 boto3botocore 后,调用 CloudTrail 客户端对象的 describe_trails 函数的代码现在出错。 更改的库版本如下:

boto3: 1.9.44 -> 1.14.45

botocore: 1.12.44 -> 1.17.45

def get_region_list():
    '''
    Get the list of regions covered by CloudTrail from AWS
    '''
    return boto3.session.Session().get_available_regions(
        service_name='cloudtrail',
        partition_name='aws',
        allow_non_regional=False
    )


def generate_cloudtrail_clients(region_list, access_key, secret_key):
    '''
    Generates client objects that interact with CloudTrail in Amazon AWS.
    Each client object corresponds to a different region in region_list
    '''
    for region in region_list:
        yield boto3.client(
            'cloudtrail',
            aws_access_key_id=access_key,
            aws_secret_access_key=secret_key,
            region_name=region
        )
        
clients = generate_cloudtrail_clients(get_region_list(), access_key, secret_key)

for client in clients:
    print(client.describe_trails())

它给我的错误:

ClientError                               Traceback (most recent call last)
<ipython-input-31-31c1b228c022> in <module>
     30 
     31 for client in clients:
---> 32     print(client.describe_trails())

/opt/anaconda3/lib/python3.7/site-packages/botocore/client.py in _api_call(self, *args, **kwargs)
    314                     "%s() only accepts keyword arguments." % py_operation_name)
    315             # The "self" in this scope is referring to the BaseClient.
--> 316             return self._make_api_call(operation_name, kwargs)
    317 
    318         _api_call.__name__ = str(py_operation_name)

/opt/anaconda3/lib/python3.7/site-packages/botocore/client.py in _make_api_call(self, operation_name, api_params)
    633             error_code = parsed_response.get("Error", {}).get("Code")
    634             error_class = self.exceptions.from_code(error_code)
--> 635             raise error_class(parsed_response, operation_name)
    636         else:
    637             return parsed_response

ClientError: An error occurred (UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid.

根据我查找的有关此错误的信息,如果 access_key、secret_access_key 凭据没有访问相关对象的正确权限,则经常会发生此错误。在这种情况下,我确实拥有正确的权限,因为我可以在旧版本的 boto 库上访问这些对象,并且在附加的权限 JSON.

中很清楚
{
    "Effect": "Allow",
    "Action": [
        "cloudtrail:DescribeTrails"
    ],
    "Resource": "*"
}

知道这里出了什么问题会发生这个错误吗?

错误是由于未启用可选的新区域造成的。

boto 库 return 比旧版本更大的可用区域集。如果为禁用的区域之一创建了客户端,然后我们使用该客户端调用 DescribeTrails,我们会收到 UnrecognizedClientException 错误。