The security token included in the request is invalid on request to dynamoDB from Elastic beanstalk

0

Hello, I have a Beanstalk app which is trying to call DynamoDB. My code is copied from these docs -> https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/dynamodb-example-query-scan.html I'm trying to perform a query operation and get the error: The security token included in the request is invalid

When I log in to the EC2 instance this app is running on and install aws-cli, I can perform DynamoDB operations.

I have no access key and secret set in EB directly. Do you have any ideas why I get this error?

kstozek
Asked 1 year ago, viewed 813 times
1 answer
1

You must always have credentials to access other systems, no matter if it's within AWS Org or not. Your ElasticBeanstalk should have a valid IAM role with adequate permissions to make requests to DynamoDB.

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html

Ensure that you follow the credential chain and that you have not configured stale credentials higher up the chain, which can lead to issues.

AWS
Expert
Answered 1 year ago
  • I have it configured

    extended_ec2_policy_document = <<EOF
    {
      "Statement": [
          {
              "Action": [
                  "dynamodb:PutItem",
                  "dynamodb:BatchWriteItem",
                  "dynamodb:GetItem",
                  "dynamodb:BatchGetItem",
                  "dynamodb:Query",
                  "dynamodb:UpdateItem",
                  "dynamodb:DeleteItem"
              ],
              "Effect": "Allow",
              "Resource": "dynamoDB arn",
              "Sid": "some sid"
          }
      ],
      "Version": "2012-10-17"
    }
    EOF
    }
    
    
  • The AWS CLI is working on the EC2 instance with this app, so I believe there is no problem with keys / credentials

  • The CLI is very likely using different credentials. In your app, call GetCallerIdentity: https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html

  • Tried that, and get the same error about security token

  • SSH to your ElasticBeanstalk instance and export credentials using the CLI. This is the first in the chain and will solve your issue.
