3

我正在尝试获取临时安全凭证并使用它们在 Kinesis 流上推送/发布数据。请检查以下代码以获取凭据。

private AssumeRoleResult getAssumeRoleResult() {
    AssumeRoleResult assumeRoleResult = null;
    try {
        log.info("Started to fetch AssumeRoleResult");
        BasicSessionCredentials currentRoleCredentials = getCredentialsOfCurrentRole();
        String sessionName = "assumedRole_" + RandomStringUtils.randomAlphanumeric(5).toUpperCase();
        region = Config.getRegion();
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                                .withCredentials(new AWSStaticCredentialsProvider(currentRoleCredentials)).withRegion(region)
                                .build();
        String roleArn = Configurations.ROLE_ARN;
        assumeRoleResult = sts.assumeRole(new AssumeRoleRequest().withRoleArn(roleArn)
                                        .withDurationSeconds(AWS_KINESIS_SESSION_DURATION)
                                        .withRoleSessionName(sessionName));
        log.info("Your AssumeRoleResult is" + assumeRoleResult.toString())
        return assumeRoleResult;
    } catch(Exception e) {
        log.error("Failed to get AssumeRoleResult with error : {}", e.getMessage());
        e.printStackTrace();
    }
}


private BasicSessionCredentials getCredentialsOfCurrentRole() throws JSONException {
    // Code to fetch IAM credentials for current role
}

但是当我检查日志时,发现assumeRoleResult没有返回任何东西。(我没有看到任何日志说“你的AssumeRoleResult 是”,也没有发现异常)。

你能告诉我这里可能有什么问题吗?

4

1 回答 1

1

为了解决这个问题,我添加了以下更改

  1. 更新了给定账户的 信任关系https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/

  2. 将 aws-java-sdk-kinesis和aws -java-sdk-sts更新到最新版本。

于 2021-03-17T19:19:57.087 回答