The security token included in the request is invalid on request to DynamoDB from Elastic Beanstalk

0

Hello, I have a Beanstalk app which is trying to call DynamoDB. My code is copied from these docs -> https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/dynamodb-example-query-scan.html. I'm trying to perform a query operation and get the error "The security token included in the request is invalid".

When I log in to the EC2 instance this app is running on and install aws-cli, I can perform DynamoDB operations.

I have no access key and secret set in EB directly. Do you have any ideas why I get this error?

kstozek
asked 1 year ago, 813 views
1 Answer
1

You must always have credentials to access other systems, no matter if it's within an AWS Org or not. Your Elastic Beanstalk should have a valid IAM role with adequate permissions to make requests to DynamoDB.

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html

Ensure that you follow the credential chain and that you have not configured stale credentials higher up the chain, which can lead to issues.

AWS
EXPERT
answered 1 year ago
  • I have it configured

    extended_ec2_policy_document = <<EOF
    {
      "Statement": [
          {
              "Action": [
                  "dynamodb:PutItem",
                  "dynamodb:BatchWriteItem",
                  "dynamodb:GetItem",
                  "dynamodb:BatchGetItem",
                  "dynamodb:Query",
                  "dynamodb:UpdateItem",
                  "dynamodb:DeleteItem"
              ],
              "Effect": "Allow",
              "Resource": "dynamoDB arn",
              "Sid": "some sid"
          }
      ],
      "Version": "2012-10-17"
    }
    EOF
    }
    
    
  • The AWS CLI is working on EC2 with this app, so I believe there is no problem with keys / credentials

  • The CLI is very likely using different credentials. In your app, call GetCallerIdentity: https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html

  • Tried that, and get the same error about security token

  • SSH to your ElasticBeanstalk instance and export credentials using the CLI. This is the first in the chain and will solve your issue.
