Exception: com.amazonaws.services.cloudtrail.model.AWSCloudTrailException: The security token included in the request is invalid. (Service: AWSCloudTrail; Status Code: 400; Error Code: UnrecognizedClientException;
The sample code: awsCredentials (accessKey, SecretAccessKey) is the temporary credential I got through AssumeRole (RoleA). RoleA has the privilege to access LookupEvents in CloudTrail.
```java
AWSCloudTrailClientBuilder awsCloudTrailClientBuilder = AWSCloudTrailClientBuilder.standard();
// awsCredentials holds the temporary credentials returned by AssumeRole (RoleA)
AWSCredentialsProvider awsCredentialsProvider = new AWSStaticCredentialsProvider(
        new BasicAWSCredentials(awsCredentials.getAccessKeyId(), awsCredentials.getSecretAccessKey()));
AWSCloudTrail awsCloudTrailClient = awsCloudTrailClientBuilder
        .withClientConfiguration(new ClientConfiguration()
                .withSocketTimeout(5000)
                .withConnectionMaxIdleMillis(30000L))
        .withCredentials(awsCredentialsProvider)
        .withRegion(Regions.US_EAST_1)
        .build();
LookupEventsRequest request = new LookupEventsRequest()
        .withRequestCredentialsProvider(awsCredentialsProvider);
// The exception is thrown by this call
LookupEventsResult lookupEventsResult = awsCloudTrailClient.lookupEvents(request);
```
The exception comes from the lookupEvents call. I ensure the credential doesn’t expire when I call LookupEvents(request).
Is there anything wrong with the above code? Thanks for your support.
Answer
I fixed it. BasicSessionCredentials is used instead of BasicAWSCredentials.
```java
// Temporary credentials from AssumeRole have three parts; the session token must be passed too
AWSCredentialsProvider awsCredentialsProvider = new AWSStaticCredentialsProvider(
        new BasicSessionCredentials(awsCredentials.getAccessKeyId(),
                awsCredentials.getSecretAccessKey(),
                awsCredentials.getSessionToken()));
```
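A guard that catches the mismatch from the question before any request is sent, as an added example that is not part of the original question or answer. The class name `CredentialKind` and the method `toSdkCredentials` are hypothetical, the key values are constructed, and the check assumes the AWS SDK for Java v1 core library on the classpath and AWS's documented `ASIA` prefix for temporary (STS) access key IDs.

```java
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;

public class CredentialKind {
    // Hypothetical helper: choose the SDK credentials class that matches the key material.
    static AWSCredentials toSdkCredentials(String accessKeyId, String secretKey, String sessionToken) {
        boolean hasToken = sessionToken != null && !sessionToken.isEmpty();
        // Temporary access key IDs issued by STS start with "ASIA"; long-term ones with "AKIA".
        boolean temporary = accessKeyId.startsWith("ASIA");
        if (temporary && !hasToken) {
            // Fail locally instead of sending a request signed without the token.
            throw new IllegalArgumentException(
                "temporary access key supplied without its session token");
        }
        return hasToken
            ? new BasicSessionCredentials(accessKeyId, secretKey, sessionToken)
            : new BasicAWSCredentials(accessKeyId, secretKey);
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        String key = "ASIAEXAMPLEEXAMPLE00";
        String secret = "constructed-secret";
        String token = "constructed-session-token";

        // All three parts present: the result carries the session token.
        AWSCredentials ok = toSdkCredentials(key, secret, token);
        System.out.println("session credentials: " + (ok instanceof AWSSessionCredentials));

        try {
            // The pairing from the question: temporary key, no token.
            toSdkCredentials(key, secret, null);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected before any request: " + e.getMessage());
        }
    }
}
```

The value returned by `toSdkCredentials` can be wrapped in `AWSStaticCredentialsProvider` and passed to `withCredentials` exactly as in the answer.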