Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

The security token included in the request is invalid on request to dynamoDB from Elastic beanstalk

0

Hello, I have Beanstalk app which trying to call dynamoDB, my code is copied from this docs -> https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/dynamodb-example-query-scan.html i'm trying to perform query operation and get error The security token included in the request is invalid

When i login to ec2 this app is running on and install aws-cli i can perform dynamoDB operations

I have no access key and secret set in EB directly, do you have any ideas why i get this error ?

Temas
CálculoGestión y gobiernoBase de datos
Etiquetas
AWS Elastic BeanstalkAWS Command Line InterfaceAmazon DynamoDB
Idioma
English
kstozek
preguntada hace un año813 visualizaciones
1 Respuesta
1

You must always have credentials to access other systems, no matter if its within AWS Org or not. You're ElasticBeanstalk should have a valid IAM role with adequate permissions to make requests to DynamoDB.

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html

Ensure that you follow the credential chain and you do not have configured stale credentials higher up the chain which can lead to issues.

profile pictureAWS
EXPERTO
Leeroy Hannigan
respondido hace un año
  • kstozek
    hace un año

    I have it configured

    extended_ec2_policy_document = <<EOF
{
  "Statement": [
      {
          "Action": [
              "dynamodb:PutItem",
              "dynamodb:BatchWriteItem",
              "dynamodb:GetItem",
              "dynamodb:BatchGetItem",
              "dynamodb:Query",
              "dynamodb:UpdateItem",
              "dynamodb:DeleteItem"
          ],
          "Effect": "Allow",
          "Resource": "dynamoDB arn",
          "Sid": "some sid"
      }
  ],
  "Version": "2012-10-17"
}
EOF
}
  • kstozek
    hace un año

    AWS cli is working on ec2 with this app so i believe there is no problem with keys / credentials

  • Leeroy Hannigan EXPERTO
    hace un año

    The CLI is very likely using different credentials. In your app, call GetCallerIdentity https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html`

  • kstozek
    hace un año

    Tried that, and get the same error about security token

  • Leeroy Hannigan EXPERTO
    hace un año

    SSH to your ElasticBeanstalk instance and export credentials using the CLI. This is the first in the chain and will solve your issue.

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante