如何处理SNS的AWS安全问题

Question

我正尝试使用Spring Cloud向AWS发布SNS消息。但我是新手，无法理解安全设置。 我在AWS中创建了一个用户。我给了他一个“AmazonSNSRole”角色。 我有代码：

import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.cloud.aws.messaging.core.NotificationMessagingTemplate; 
import org.springframework.http.HttpStatus; 
import org.springframework.web.bind.annotation.*; 

@RestController     
@RequestMapping("/sns")   
public class SnsSenderController {  

    private static final Logger theLogger = LoggerFactory.getLogger(SnsSenderController.class); 
    private final NotificationMessagingTemplate notificationMessagingTemplate; 

    @Autowired 
    public SnsSenderController(NotificationMessagingTemplate notificationMessagingTemplate) { 
     this.notificationMessagingTemplate = notificationMessagingTemplate; 
    } 

    @RequestMapping(value = "/send", method = RequestMethod.POST) 
    @ResponseStatus(HttpStatus.OK) 
    public void sendNotification(@RequestBody SnsNotification notification) { 
     theLogger.debug("Going to send notification {}", notification); 

     this.notificationMessagingTemplate.sendNotification("SnsTopic", notification.getMessage(), notification.getSubject()); 
    } 

} 

我有beans.xml中，我把钥匙放在我的AMS用户：

<?xml version="1.0" encoding="UTF-8"?> 

<beans xmlns="http://www.springframework.org/schema/beans" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:aws-context="http://www.springframework.org/schema/cloud/aws/context" 
     xmlns:aws-messaging="http://www.springframework.org/schema/cloud/aws/messaging" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
          http://www.springframework.org/schema/beans/spring-beans.xsd 
          http://www.springframework.org/schema/cloud/aws/context 
          http://www.springframework.org/schema/cloud/aws/context/spring-cloud-aws-context-1.0.xsd 
          http://www.springframework.org/schema/cloud/aws/messaging 
          http://www.springframework.org/schema/cloud/aws/messaging/spring-cloud-aws-messaging-1.0.xsd"> 

     <!-- Define global credentials for all the AWS clients --> 
     <aws-context:context-credentials> 
       <aws-context:instance-profile-credentials/> 
       <aws-context:simple-credentials access-key="accessKeyForMyUser" 
               secret-key="secretKeyForMyUser"/> 
     </aws-context:context-credentials> 

     <!-- Messaging--> 
     <aws-messaging:notification-messaging-template id="notificationMessagingTemplate" /> 

</beans> 

但是，当我试图发送SNS我看到错误：

02:08:36.445 [http-nio-8080-exec-4] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonSNS; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 65c99dfe-daf2-5f50-a408-d0013c568f48)] with root cause 
com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonSNS; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 65c99dfe-daf2-5f50-a408-d0013c568f48) 

为什么这么说？请，有人可以解释我如何处理它？像我这样的新手真的很难。先谢谢你！

Answer 1

您需要提供实例配置文件凭据或用户凭据。 由于您使用的是用户凭证，因此从Spring xml bean中删除实例配置文件凭据