sendMessage:CredentialsError:配置中缺少凭证,如果使用 AWS_CONFIG_FILE,请在 AWS Lambda 上设置 AWS_SDK_LOAD_CONFIG=1
节点代码
// send message to aws sqs
const AWS = require('aws-sdk');
const sqs = new AWS.SQS({
apiVersion: '2012-11-05',
region: process.env.AWS_REGION,
credentials: new AWS.SharedIniFileCredentials(
{
disableAssumeRole: false,
},
),
});
const sendMessage = async (queueUrl, message) => {
console.log('region:', process.env.AWS_REGION, 'accessKeyId:',
process.env.AWS_ACCESS_KEY_ID, 'secretAccessKey:',
process.env.AWS_SECRET_ACCESS_KEY, 'AWS_SHARED_CREDENTIALS_FILE',
process.env.AWS_SHARED_CREDENTIALS_FILE, 'AWS_SDK_LOAD_CONFIG',
process.env.AWS_SDK_LOAD_CONFIG, 'AWS_PROFILE', process.env.AWS_PROFILE,
'AWS_CONFIG_FILE', process.env.AWS_CONFIG_FILE);
console.log(`sendMessage: ${queueUrl}, message: ${message}`);
const params = {
MessageBody: message,
QueueUrl: queueUrl,
};
await sqs.sendMessage(params).promise().then(
(data) => {
console.log(`sendMessage: ${data}`);
},
(err) => {
console.log(`sendMessage: ${err}`);
},
);
};
const deleteMessage = async (queueUrl, receiptHandle) => {
const params = {
QueueUrl: queueUrl,
ReceiptHandle: receiptHandle,
};
await sqs.deleteMessage(params).promise().then(
(data) => {
console.log(`deleteMessage: ${data}`);
},
(err) => {
console.log(`deleteMessage: ${err}`);
},
);
};
module.exports = {
sendMessage,
deleteMessage,
};
相同的代码在一个 lambda 中工作正常,但在另一个 lambda 中我得到 sendMessage: CredentialsError: 配置中缺少凭证,如果使用 AWS_CONFIG_FILE,请设置 AWS_SDK_LOAD_CONFIG=1
我尝试过的事情:
- 尝试设置 AWS_SDK_LOAD_CONFIG=1 不起作用
- 尝试取消上面的设置:不起作用
- 尝试打印评估密钥和秘密密钥正在打印,但不起作用
- 我已经尝试了此链接中的所有操作 https://github.com/aws/aws-sdk-js/issues/1955< /a>
- 检查了所有权限,但这不是权限相关的问题,否则我会遇到访问错误,
- 也尝试升级和降级 aws-sdk 版本。
Node Code
// send message to aws sqs
const AWS = require('aws-sdk');
const sqs = new AWS.SQS({
apiVersion: '2012-11-05',
region: process.env.AWS_REGION,
credentials: new AWS.SharedIniFileCredentials(
{
disableAssumeRole: false,
},
),
});
const sendMessage = async (queueUrl, message) => {
console.log('region:', process.env.AWS_REGION, 'accessKeyId:',
process.env.AWS_ACCESS_KEY_ID, 'secretAccessKey:',
process.env.AWS_SECRET_ACCESS_KEY, 'AWS_SHARED_CREDENTIALS_FILE',
process.env.AWS_SHARED_CREDENTIALS_FILE, 'AWS_SDK_LOAD_CONFIG',
process.env.AWS_SDK_LOAD_CONFIG, 'AWS_PROFILE', process.env.AWS_PROFILE,
'AWS_CONFIG_FILE', process.env.AWS_CONFIG_FILE);
console.log(`sendMessage: ${queueUrl}, message: ${message}`);
const params = {
MessageBody: message,
QueueUrl: queueUrl,
};
await sqs.sendMessage(params).promise().then(
(data) => {
console.log(`sendMessage: ${data}`);
},
(err) => {
console.log(`sendMessage: ${err}`);
},
);
};
const deleteMessage = async (queueUrl, receiptHandle) => {
const params = {
QueueUrl: queueUrl,
ReceiptHandle: receiptHandle,
};
await sqs.deleteMessage(params).promise().then(
(data) => {
console.log(`deleteMessage: ${data}`);
},
(err) => {
console.log(`deleteMessage: ${err}`);
},
);
};
module.exports = {
sendMessage,
deleteMessage,
};
The same code is working fine in one lambda, but in another I am gettingsendMessage: CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
Things I have tried:
- tried setting AWS_SDK_LOAD_CONFIG=1 didn't work
- tried unsetting above: didn't work
- tried printing the assess key and secret key they are getting printed, but not working
- I have tried all things in this link https://github.com/aws/aws-sdk-js/issues/1955
- Checked all permissions but it's not permission related issue otherwise I would have got access error,
- tried upgrading and downgrading aws-sdk version as well.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
使用 AWS Lambda,您不必担心访问密钥和秘密。只需向 Lambda 的 IAM 角色授予必要的权限,然后使用
SDK 实例化您的 SDK,SDK 将自动获取凭证。
如果您想确保 SDK 使用特定的 API 版本,请保留 apiVersion 属性:
不要记录访问密钥和机密,这存在安全风险。
要了解有关 Lambda 所承担角色的更多信息,请查看
With AWS Lambda, you don't have to worry about the access key and secret. Simply grant the necessary rights to the Lambda's IAM role, and instantiate your SDK with
The SDK will pick up the credentials automatically.
If you want to make sure the SDK uses a specific API version, keep the
apiVersionprop:Don't log the access key and secret, that's a security risk.
To read more about the role that Lambda assumes, check the documentation.
使用内联凭据不是一个好习惯。作为更好的做法,删除所有凭据(access_key、secret_key、凭据配置文件等)可能会出现访问异常。
授予 lambda SendMessage (sqs:SendMessage) 权限,然后就可以开始了。
Its not a good practice to use inline credentials. As a better practice remove all credentials (access_key, secret_key, credentials profile etc) probably you will get access exception.
Grant the lambda SendMessage (sqs:SendMessage) permissions and you are good to go.
你必须尝试这种方式。如果你想发送消息,那么在 params 中添加一个 key,即 message
you have to try this way. if you want to send message then add one key which is message in params