The security token included in the request is invalid on request to DynamoDB from Elastic Beanstalk

0

Hello, I have a Beanstalk app which is trying to call DynamoDB. My code is copied from these docs -> https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/dynamodb-example-query-scan.html. I'm trying to perform a query operation and get the error "The security token included in the request is invalid".

When I log in to the EC2 instance this app is running on and install aws-cli, I can perform DynamoDB operations.

I have no access key and secret set in EB directly. Do you have any ideas why I get this error?

1 Answer
1

You must always have credentials to access other systems, no matter if it's within an AWS Org or not. Your Elastic Beanstalk should have a valid IAM role with adequate permissions to make requests to DynamoDB.

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html

Ensure that you follow the credential chain and that you do not have stale credentials configured higher up the chain, which can lead to issues.

AWS
Expert
Answered a year ago
  • I have it configured

    extended_ec2_policy_document = <<EOF
    {
      "Statement": [
          {
              "Action": [
                  "dynamodb:PutItem",
                  "dynamodb:BatchWriteItem",
                  "dynamodb:GetItem",
                  "dynamodb:BatchGetItem",
                  "dynamodb:Query",
                  "dynamodb:UpdateItem",
                  "dynamodb:DeleteItem"
              ],
              "Effect": "Allow",
              "Resource": "dynamoDB arn",
              "Sid": "some sid"
          }
      ],
      "Version": "2012-10-17"
    }
    EOF
    }
    
    
  • The AWS CLI is working on EC2 with this app, so I believe there is no problem with keys / credentials

  • The CLI is very likely using different credentials. In your app, call GetCallerIdentity https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html

  • Tried that, and get the same error about security token

  • SSH to your ElasticBeanstalk instance and export credentials using the CLI. This is the first in the chain and will solve your issue.
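
An added example (not part of the original thread or of the AWS documentation) of the credential-chain check the answer recommends: it lists which static credential sources would be picked up ahead of the instance profile. It assumes the SDK for JavaScript v2 default chain on Node.js and covers only environment variables and the shared credentials file; `credentialSources` and `parseIni` are hypothetical helper names, and the sample keys are constructed.

```javascript
// Added example. Lists, in precedence order, the static credential sources
// that sit ahead of the instance profile in the SDK for JavaScript v2 default
// chain on Node.js. Reports names only; secret values are never returned.

// Parse an INI-style shared credentials file into { profile: { key: value } }.
function parseIni(text) {
  const profiles = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const header = line.match(/^\[(.+)\]$/);
    if (header) {
      current = profiles[header[1].trim()] = {};
      continue;
    }
    const eq = line.indexOf('=');
    if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return profiles;
}

// env: the app process environment; fileText: contents of its shared
// credentials file ('' if absent). The first entry returned wins.
function credentialSources(env, fileText) {
  const found = [];
  for (const prefix of ['AWS', 'AMAZON']) {
    if (env[prefix + '_ACCESS_KEY_ID'] && env[prefix + '_SECRET_ACCESS_KEY']) {
      found.push({ source: 'env:' + prefix, hasSessionToken: Boolean(env[prefix + '_SESSION_TOKEN']) });
    }
  }
  const profile = env.AWS_PROFILE || 'default';
  const entry = parseIni(fileText)[profile];
  if (entry && entry.aws_access_key_id && entry.aws_secret_access_key) {
    found.push({ source: 'shared-file:' + profile, hasSessionToken: Boolean(entry.aws_session_token) });
  }
  // Assumption: the instance profile is reached only if nothing above matched.
  found.push({ source: 'instance-profile', hasSessionToken: true });
  return found;
}

// Constructed sample input: an old key pair left in the environment.
const SAMPLE_ENV = { AWS_ACCESS_KEY_ID: 'AKIAEXAMPLEEXAMPLE00', AWS_SECRET_ACCESS_KEY: 'constructed-not-a-real-secret' };
const SAMPLE_FILE = '[default]\naws_access_key_id = AKIAEXAMPLEEXAMPLE01\naws_secret_access_key = constructed\n';
console.log(credentialSources(SAMPLE_ENV, SAMPLE_FILE).map((s) => s.source));
```

Call it from inside the app with `process.env` and the contents of the app user's `~/.aws/credentials`; any entry listed before `instance-profile` takes precedence over the role.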
