"profile file cannot be null" when trying to assume role from AWS Lambda

Forgive me if my question is basic, but I am new to AWS. I am creating a lambda function in Java that assumes a role from another AWS account. I have created the role on the other account, created a role on this account to assume that role, and attached that role to my lambda function. (I have tested these roles with a Lambda function written in Javascript and it works, so they should be set up correctly.)

In my lambda function's code, I am trying to assume this role so that I can access some services from the other account. However, I get the "profile file cannot be null" shown in the error message, and I am not sure what that means.

import java.util.Map;

import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.Credentials;

public String handleRequest(Map<String,String> event, Context context)
{

      String clientRegion = "us-east-1";
      String roleARN = "ARN_OF_ROLE_ON_THIS_ACC";
      String roleSessionName = "session";

      // STS client used to call AssumeRole; the credentials provider here is what fails
      AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                                              .withCredentials(new ProfileCredentialsProvider())
                                              .withRegion(clientRegion)
                                              .build();

      AssumeRoleRequest roleRequest = new AssumeRoleRequest()
                                              .withRoleArn(roleARN)
                                              .withRoleSessionName(roleSessionName);
      //The line below causes the error
      AssumeRoleResult roleResponse = stsClient.assumeRole(roleRequest);
      Credentials sessionCredentials = roleResponse.getCredentials();

      // Temporary credentials for the assumed role, usable with any other service client
      BasicSessionCredentials awsCredentials = new BasicSessionCredentials(
             sessionCredentials.getAccessKeyId(),
             sessionCredentials.getSecretAccessKey(),
             sessionCredentials.getSessionToken());

      //do other stuff here
      return null; // placeholder return so the method compiles
}

Error message:

{
  "errorMessage": "profile file cannot be null",
  "errorType": "java.lang.IllegalArgumentException",
  "stackTrace": [
    "com.amazonaws.util.ValidationUtils.assertNotNull(ValidationUtils.java:37)",
    "com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:142)",
    "com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:133)",
    "com.amazonaws.auth.profile.ProfilesConfigFile.<init>(ProfilesConfigFile.java:100)",
    "com.amazonaws.auth.profile.ProfileCredentialsProvider.getCredentials(ProfileCredentialsProvider.java:135)",
    "com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1257)",
    "com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:833)",
    "com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:783)",
    "com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)",
    "com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)",
    "com.amazonaws.http.AmazonHttpClient$RequestExecutor.access0(AmazonHttpClient.java:704)",
    "com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)",
    "com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)",
    "com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)",
    "com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1728)",
    "com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1695)",
    "com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1684)",
    "com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:488)",
    "com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:457)",
    "com.amazon.amazonstoresadminportallambda.handlers.TestHandler.handleRequest(TestHandler.java:80)",
    "sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)",
    "sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)",
    "sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)",
    "java.lang.reflect.Method.invoke(Method.java:498)"
  ]
}

Can anyone help me solve this? Thanks in advance!

Your Lambda function code tries to read credentials from its environment. To do so it uses ProfileCredentialsProvider, which apparently assumes there is a ~/.aws/credentials file, which does not exist.

Try DefaultAWSCredentialsProviderChain, which should read credentials from more locations (environment variables, credentials file, EC2 IAM role, Lambda IAM role, etc.):

AWSSecurityTokenService stsClient = 
    AWSSecurityTokenServiceClientBuilder.standard()
                                        .withCredentials(new DefaultAWSCredentialsProviderChain())
                                        .withRegion(clientRegion)
                                        .build();
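A complete handler built on that advice, as an added example and not code from the question or the answer: the STS client authenticates as the Lambda execution role through DefaultAWSCredentialsProviderChain, a refreshing STSAssumeRoleSessionCredentialsProvider assumes the role in the other account, and an S3 client is built on those temporary credentials. The role ARN and bucket name are constructed placeholders, and the choice of S3 and of the refreshing provider is mine, not something the page specifies.

```java
import java.util.Map;

import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;

public class CrossAccountHandler {

    // Constructed placeholders: the role in the other account that the Lambda execution
    // role is trusted to assume, and a bucket in that account.
    private static final String TARGET_ROLE_ARN = "arn:aws:iam::111111111111:role/ROLE_IN_OTHER_ACCOUNT";
    private static final String TARGET_BUCKET = "bucket-in-other-account";
    private static final String CLIENT_REGION = "us-east-1";

    public String handleRequest(Map<String, String> event, Context context) {
        // The STS client itself runs as the Lambda execution role. Lambda injects those
        // credentials as environment variables, which DefaultAWSCredentialsProviderChain
        // reads; there is no ~/.aws/credentials file for ProfileCredentialsProvider to find.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new DefaultAWSCredentialsProviderChain())
                .withRegion(CLIENT_REGION)
                .build();

        // Calls AssumeRole on first use and refreshes before expiry, so a warm container
        // keeps working. The session name is recorded in the other account's CloudTrail,
        // so tying it to the request id makes each invocation traceable. A short duration
        // bounds how long the temporary credentials remain valid.
        STSAssumeRoleSessionCredentialsProvider assumed =
                new STSAssumeRoleSessionCredentialsProvider.Builder(
                        TARGET_ROLE_ARN, "lambda-" + context.getAwsRequestId())
                        .withStsClient(sts)
                        .withRoleSessionDurationSeconds(900)
                        .build();

        // Any client built with the assumed-role provider acts inside the other account,
        // limited to whatever that role's policy allows.
        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withCredentials(assumed)
                .withRegion(CLIENT_REGION)
                .build();

        int objectCount = s3.listObjectsV2(TARGET_BUCKET).getKeyCount();
        context.getLogger().log("objects visible via assumed role: " + objectCount);
        return "ok";
    }
}
```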