Exception: com.amazonaws.services.cloudtrail.model.AWSCloudTrailException: The security token included in the request is invalid. (Service: AWSCloudTrail; Status Code: 400; Error Code: UnrecognizedClientException;
The sample code: awsCredentials (accessKey, SecretAccessKey) is the temporary credential I got through AssumeRole (RoleA). RoleA has the privilege to access LookupEvents in CloudTrail.
AWSCloudTrailClientBuilder awsCloudTrailClientBuilder = AWSCloudTrailClientBuilder.standard();
AWSCredentialsProvider awsCredentialsProvider = new AWSStaticCredentialsProvider(
        new BasicAWSCredentials(awsCredentials.getAccessKeyId(), awsCredentials.getSecretAccessKey()));
AWSCloudTrail awsCloudTrailClient = awsCloudTrailClientBuilder
        .withClientConfiguration(new ClientConfiguration()
                .withSocketTimeout(5000)
                .withConnectionMaxIdleMillis(30000L))
        .withCredentials(awsCredentialsProvider)
        .withRegion(Regions.US_EAST_1)
        .build();
LookupEventsRequest request = new LookupEventsRequest()
        .withRequestCredentialsProvider(awsCredentialsProvider);
LookupEventsResult lookupEventsResult = awsCloudTrailClient.lookupEvents(request);
The exception comes from the lookupEvents call. I ensure the credential doesn’t expire when I call LookupEvents(request).
Is there anything wrong with the above code? Thanks for your support.
Answer
I fixed it. BasicSessionCredentials is used instead of BasicAWSCredentials.
AWSCredentialsProvider awsCredentialsProvider = new AWSStaticCredentialsProvider(
        new BasicSessionCredentials(
                awsCredentials.getAccessKeyId(),
                awsCredentials.getSecretAccessKey(),
                awsCredentials.getSessionToken()));
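The following is an added example, not part of the original question or answer: a small guard that converts AssumeRole output into a credentials provider and fails fast when the session token is missing or the credentials have expired, so the mistake surfaces before any request is signed. It assumes the AWS SDK for Java v1 (the `com.amazonaws` packages used above); the class name `TemporaryCredentialGuard`, the method `fromAssumeRole` and all key values are hypothetical placeholders constructed for illustration.

```java
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.securitytoken.model.Credentials;

import java.util.Date;

public class TemporaryCredentialGuard {

    /** Wraps AssumeRole output in a provider that always carries the session token. */
    static AWSCredentialsProvider fromAssumeRole(Credentials sts) {
        String token = sts.getSessionToken();
        if (token == null || token.isEmpty()) {
            // Without the token the request is signed with the key pair alone and
            // the service rejects it (the UnrecognizedClientException in the question).
            throw new IllegalArgumentException("temporary credentials have no session token");
        }
        Date expiry = sts.getExpiration();
        if (expiry != null && expiry.before(new Date())) {
            throw new IllegalStateException("temporary credentials expired at " + expiry);
        }
        return new AWSStaticCredentialsProvider(new BasicSessionCredentials(
                sts.getAccessKeyId(), sts.getSecretAccessKey(), token));
    }

    public static void main(String[] args) {
        // Constructed placeholder values, not real keys.
        Credentials sts = new Credentials()
                .withAccessKeyId("ASIAEXAMPLEKEYID0000")
                .withSecretAccessKey("example-secret-access-key")
                .withSessionToken("example-session-token")
                .withExpiration(new Date(System.currentTimeMillis() + 3_600_000L));

        AWSCredentialsProvider provider = fromAssumeRole(sts);
        // The signer adds the session token only for AWSSessionCredentials.
        System.out.println("session credentials: "
                + (provider.getCredentials() instanceof AWSSessionCredentials));

        try {
            fromAssumeRole(new Credentials()
                    .withAccessKeyId("ASIAEXAMPLEKEYID0000")
                    .withSecretAccessKey("example-secret-access-key"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The returned provider can be passed to `AWSCloudTrailClientBuilder.withCredentials(...)` in place of the one built in the question.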