我有一个与 Amazon SimpleDB 通信的应用程序。在本地主机上运行时一切正常,我将此 Web 应用程序部署到我的 Tomcat 实例。
我在本地 Tomcat 和部署应用程序的 Elastic Beanstalk 上将 AWS 凭证指定为环境变量。
但是,在 Elastic Beanstalk 上,我收到由以下原因引起的 Autowiring 异常(这是一个 spring-boot 应用程序):
Caused by: com.amazonaws.AmazonServiceException: User (arn:aws:sts::295923482971:assumed-role/aws-elasticbeanstalk-ec2-role/i-b35eef66) does not have permission to perform (sdb:ListDomains) on resource (arn:aws:sdb:us-east-1:295923482971:domain/). Contact account owner. (Service: AmazonSimpleDB; Status Code: 403; Error Code: AuthorizationFailure; Request ID: a20f4ed9-a54d-ec13-2886-b5d31cce3778)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1088)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:735)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:461)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:296)
at com.amazonaws.services.simpledb.AmazonSimpleDBClient.invoke(AmazonSimpleDBClient.java:1021)
at com.amazonaws.services.simpledb.AmazonSimpleDBClient.listDomains(AmazonSimpleDBClient.java:708)
at com.amazonaws.services.simpledb.AmazonSimpleDBClient.listDomains(AmazonSimpleDBClient.java:974)
at com.berrycloud.paypal.service.impl.SimpleDBServiceImpl.init(SimpleDBServiceImpl.java:53)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
这发生在启动期间,我正在使用以下代码 Autowiring 一个类:
@PostConstruct
private void init() {
log.debug("Setting database client endpoint: {}", endpoint);
client.setEndpoint(endpoint);
// check if the domain exists
log.debug("Listing existing domains...");
final List<String> tableNames = client.listDomains().getDomainNames();
if (!tableNames.contains(domain)) {
// if not, create it
log.debug("Creating domain {}", domain);
client.createDomain(new CreateDomainRequest(domain));
}
}
我在本地和 Elastic Beanstalk 上都使用相同的 AWS 凭证,所以我不明白为什么它在第一种情况下有效,但在另一种情况下却失败了。有人可以帮帮我吗?
最佳答案
你们对用户有什么政策吗?一般是IAM策略不够好,可以看更多here
你可以尝试添加:
{
"Version": "2015-09-14",
"Statement":[{
"Effect":"Allow",
"Action":"sdb:ListDomains",
"Resource":"arn:aws:sdb:us-east-1:295923482971:domain/<youraccount>"
}
]
}
关于java - 无法从 Elastic Beanstalk 连接到 Amazon SimpleDB,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32560827/