SQS ExpiredToken:请求中包含的安全令牌已过期,状态码:
SQS ExpiredToken: The security token included in the request is expired status code:
我在代入角色(assume role)后尝试连接 AWS SQS,但一小时后收到安全令牌过期的错误。我该如何自动刷新连接?
/**
 * Registers the {@code QueueMessagingTemplate} bean.
 *
 * <p>The template is built around whatever client {@link #amazonSQSAsync()}
 * returns, so it inherits that client's credentials and their lifetime.
 *
 * @return a messaging template wrapping the SQS async client
 */
@Bean
public QueueMessagingTemplate queueMessagingTemplate() {
    QueueMessagingTemplate template = new QueueMessagingTemplate(amazonSQSAsync());
    return template;
}
/**
 * Builds an async SQS client that authenticates with temporary credentials
 * obtained by assuming {@code ROLE_ARN} through STS.
 *
 * <p>The STS client uses the default credentials provider chain. AssumeRole is
 * called exactly once, requesting a 3600-second session, and the returned
 * access key, secret key and session token are wrapped in an
 * {@code AWSStaticCredentialsProvider}. The credentials are therefore a fixed
 * snapshot: nothing in this method renews them, so a client that outlives the
 * session keeps presenting the expired token. A long-lived client needs a
 * provider that re-assumes the role before expiry, such as
 * {@code STSAssumeRoleSessionCredentialsProvider}.
 *
 * <p>The info-level log lines are fixed progress messages and do not include
 * credential values.
 *
 * @return an SQS async client bound to the assumed-role session credentials
 * @throws RuntimeException any failure while building the clients or calling
 *         STS is logged at error level and rethrown unchanged
 */
private AmazonSQSAsync amazonSQSAsync() {
    try {
        logger.info("Start amazonSQSAsync");

        // STS client authenticated through the default provider chain.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new DefaultAWSCredentialsProviderChain())
                .withRegion(AWS_REGION)
                .build();
        logger.info("stsClient created successfully");

        // Single AssumeRole call: the session lasts 3600 seconds and is never renewed here.
        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(ROLE_ARN)
                .withRoleSessionName(ROLE_SESSION_NAME)
                .withDurationSeconds(3600);
        AssumeRoleResult session = sts.assumeRole(request);
        logger.info("assumeRoleResult created successfully");

        // Copy the three parts of the temporary credentials into an immutable holder.
        BasicSessionCredentials snapshot = new BasicSessionCredentials(
                session.getCredentials().getAccessKeyId(),
                session.getCredentials().getSecretAccessKey(),
                session.getCredentials().getSessionToken());
        logger.info("basicSessionCredentials created successfully");

        // Static provider: it hands back the same snapshot on every request,
        // including after the session has expired.
        AmazonSQSAsync sqs = AmazonSQSAsyncClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(snapshot))
                .withRegion(AWS_REGION)
                .build();
        logger.info("amazonSQSAsync created successfully");
        return sqs;
    } catch (Exception failure) {
        logger.error("Failed to create Amazon sqs client", failure);
        throw failure;
    }
}
您可以使用 STSAssumeRoleSessionCredentialsProvider 获取可自动续订的凭据:
// STS client built from the SDK's default configuration. It has to stay open
// for as long as the provider below is in use, because the provider calls it
// again whenever the session needs renewing.
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.defaultClient();

// Provider that assumes ROLE_ARN and replaces the session credentials before
// they expire, instead of holding one fixed set.
STSAssumeRoleSessionCredentialsProvider assumedRoleCredentialsProvider =
        new STSAssumeRoleSessionCredentialsProvider.Builder(ROLE_ARN, SESSION_ID)
                .withStsClient(stsClient)
                .build();

// The SQS client asks the provider for credentials when signing requests, so
// it picks up renewed credentials without being rebuilt. No region is set in
// this snippet. A QueueMessagingTemplate takes an AmazonSQSAsync; the same
// provider can be handed to AmazonSQSAsyncClientBuilder.withCredentials(...).
AmazonSQS sqsClient = AmazonSQSClientBuilder.standard()
        .withCredentials(assumedRoleCredentialsProvider)
        .build();
请注意,在派生客户端仍在使用期间,不能关闭 stsClient。按照 AWS 的建议,应创建一个在程序整个生命周期内存续的单例实例。
我在代入角色(assume role)后尝试连接 AWS SQS,但一小时后收到安全令牌过期的错误。我该如何自动刷新连接?
/**
 * Registers the {@code QueueMessagingTemplate} bean.
 *
 * <p>The template is built around whatever client {@link #amazonSQSAsync()}
 * returns, so it inherits that client's credentials and their lifetime.
 *
 * @return a messaging template wrapping the SQS async client
 */
@Bean
public QueueMessagingTemplate queueMessagingTemplate() {
    QueueMessagingTemplate template = new QueueMessagingTemplate(amazonSQSAsync());
    return template;
}
/**
 * Builds an async SQS client that authenticates with temporary credentials
 * obtained by assuming {@code ROLE_ARN} through STS.
 *
 * <p>The STS client uses the default credentials provider chain. AssumeRole is
 * called exactly once, requesting a 3600-second session, and the returned
 * access key, secret key and session token are wrapped in an
 * {@code AWSStaticCredentialsProvider}. The credentials are therefore a fixed
 * snapshot: nothing in this method renews them, so a client that outlives the
 * session keeps presenting the expired token. A long-lived client needs a
 * provider that re-assumes the role before expiry, such as
 * {@code STSAssumeRoleSessionCredentialsProvider}.
 *
 * <p>The info-level log lines are fixed progress messages and do not include
 * credential values.
 *
 * @return an SQS async client bound to the assumed-role session credentials
 * @throws RuntimeException any failure while building the clients or calling
 *         STS is logged at error level and rethrown unchanged
 */
private AmazonSQSAsync amazonSQSAsync() {
    try {
        logger.info("Start amazonSQSAsync");

        // STS client authenticated through the default provider chain.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new DefaultAWSCredentialsProviderChain())
                .withRegion(AWS_REGION)
                .build();
        logger.info("stsClient created successfully");

        // Single AssumeRole call: the session lasts 3600 seconds and is never renewed here.
        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(ROLE_ARN)
                .withRoleSessionName(ROLE_SESSION_NAME)
                .withDurationSeconds(3600);
        AssumeRoleResult session = sts.assumeRole(request);
        logger.info("assumeRoleResult created successfully");

        // Copy the three parts of the temporary credentials into an immutable holder.
        BasicSessionCredentials snapshot = new BasicSessionCredentials(
                session.getCredentials().getAccessKeyId(),
                session.getCredentials().getSecretAccessKey(),
                session.getCredentials().getSessionToken());
        logger.info("basicSessionCredentials created successfully");

        // Static provider: it hands back the same snapshot on every request,
        // including after the session has expired.
        AmazonSQSAsync sqs = AmazonSQSAsyncClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(snapshot))
                .withRegion(AWS_REGION)
                .build();
        logger.info("amazonSQSAsync created successfully");
        return sqs;
    } catch (Exception failure) {
        logger.error("Failed to create Amazon sqs client", failure);
        throw failure;
    }
}
您可以使用 STSAssumeRoleSessionCredentialsProvider 获取可自动续订的凭据:
// Obtain automatically renewed credentials from STSAssumeRoleSessionCredentialsProvider.

// STS client built from the SDK's default configuration. It has to stay open
// for as long as the provider below is in use, because the provider calls it
// again whenever the session needs renewing.
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.defaultClient();

// Provider that assumes ROLE_ARN and replaces the session credentials before
// they expire, instead of holding one fixed set.
STSAssumeRoleSessionCredentialsProvider assumedRoleCredentialsProvider =
        new STSAssumeRoleSessionCredentialsProvider.Builder(ROLE_ARN, SESSION_ID)
                .withStsClient(stsClient)
                .build();

// The SQS client asks the provider for credentials when signing requests, so
// it picks up renewed credentials without being rebuilt. No region is set in
// this snippet. A QueueMessagingTemplate takes an AmazonSQSAsync; the same
// provider can be handed to AmazonSQSAsyncClientBuilder.withCredentials(...).
AmazonSQS sqsClient = AmazonSQSClientBuilder.standard()
        .withCredentials(assumedRoleCredentialsProvider)
        .build();
请注意,在派生客户端仍在使用期间,不能关闭 stsClient。按照 AWS 的建议,应创建一个在程序整个生命周期内存续的单例实例。