Go语言 如何使用来自变量的凭据运行AWS SDK?

yvfmudvl  于 2023-03-16  发布在  Go
关注(0)|答案(5)|浏览(177)

我以前使用过环境变量,效果很好。
现在我将配置变量迁移到一个文件中,AWS_SECRET_ACCESS_KEY和AWS_ACCESS_KEY_ID变量包含从该文件加载的相应值。
我尝试了此代码,但收到一个错误:

creds := credentials.NewStaticCredentials("123", conf.AWS_SECRET_ACCESS_KEY, conf.AWS_ACCESS_KEY_ID)
sess, err := session.NewSession(&aws.Config{Credentials: creds})

以下是错误
无效的客户端令牌ID:请求中包含的安全令牌无效。
我如何正确地将我的密钥注入到awssdk调用中?

olhwl3o2

olhwl3o21#

尝试重新排序参数,使ACCESS_KEY成为第一个参数,SECRET_KEY成为第二个参数:

creds := credentials.NewStaticCredentials(conf.AWS_ACCESS_KEY_ID, conf.AWS_SECRET_ACCESS_KEY, "")

尝试同时添加区域:

sess, err := session.NewSession(&aws.Config{
    Region:      aws.String("us-west-2"),
    Credentials: credentials.NewStaticCredentials(conf.AWS_ACCESS_KEY_ID, conf.AWS_SECRET_ACCESS_KEY, ""),
})
eiee3dmh

eiee3dmh2#

或者你可以临时设置环境变量。

package main
import (
    "fmt"
    "os"
    "github.com/aws/aws-sdk-go/aws"
    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/s3/s3manager"
)

const (
    AccessKeyId     = "XXXXXXXXXXXXXXXXXX"
    SecretAccessKey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    Region          = "eu-west-1"
    Bucket          = "XXXXX-XXXX-XXX"
)

func main() {
    os.Setenv("AWS_ACCESS_KEY_ID",     AccessKeyId)
    os.Setenv("AWS_SECRET_ACCESS_KEY", SecretAccessKey)

    filename := os.Args[1]

    file, err := os.Open(filename)
    if err != nil {
        fmt.Println("Failed to open file", filename, err)
        os.Exit(1)
    }
    defer file.Close()

    conf := aws.Config{Region: aws.String(Region)}
    sess := session.New(&conf)

    svc := s3manager.NewUploader(sess)

    fmt.Println("Uploading file to S3...")
    result, err := svc.Upload(&s3manager.UploadInput{
        Bucket: aws.String(Bucket),
        Key:    aws.String(filepath.Base(filename)),
        Body:   file,
    })
    if err != nil {
        fmt.Println("error", err)
        os.Exit(1)
    }
}
umuewwlo

umuewwlo3#

此外,如果您不知道,SDK允许使用.aws/config下的共享配置。您可以将值放入其中,然后将环境变量AWS_SDK_LOAD_CONFIG设置为一个真实值以加载共享配置。共享配置示例如下所示:

[default]
aws_access_key_id = AKID
aws_secret_access_key = SECRET

然后运行:

AWS_SDK_LOAD_CONFIG=true go run main.go
jw5wzhpr

jw5wzhpr4#

您可以将creds变量传递给aws.Config结构体,以设置S3会话的AWS凭据。
您需要导入github.com/aws/aws-sdk-go/aws/credentials软件包。

package main

import (
    "fmt"

    "github.com/aws/aws-sdk-go/aws"
    "github.com/aws/aws-sdk-go/aws/credentials"
    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/s3"
)

func main() {
    accessKey := "ACCESS"
    secretKey := "SECRET"
    creds := credentials.NewStaticCredentials(accessKey, secretKey, "")

    sess, err := session.NewSession(&aws.Config{
        Credentials: creds,
        Endpoint:    aws.String("ENDPOINT"),
        Region:      aws.String("REGION"),
    })
    if err != nil {
        panic(err)
    }

    svc := s3.New(sess)

    bucketName := "ramingotestsdk"

    _, err = svc.CreateBucket(&s3.CreateBucketInput{
        Bucket: aws.String(bucketName),
    })
    if err != nil {
        panic(err)
    }

    fmt.Printf("Bucket %s created\n", bucketName)
}

输出:

Bucket ramingotestsdk created
3pmvbmvn

3pmvbmvn5#

使用此通用服务连接sdk客户端

var awsSession *session.Session

func init() {
    initializeAwsSession()
}

func initializeAwsSession() {
    awsSession = session.Must(session.NewSession(&aws.Config{
        Region:      aws.String("ap-southeast-1"),
        Credentials: credentials.NewStaticCredentials("YOUR_ACCESS_KEY","YOUR SECRET_KEY", ""),
    }))
}

相关问题