2
votes

I am experiencing an error on AWS DynamoDB that says:

[Request processing failed; nested exception is com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: VJ8R07B81ANC1047P1ANEDS4CRVV4KQNSO5AEMVJF66Q9ASUAAJG)] with root cause
com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: The security token included in the request is invalid. (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: VJ8R07B81ANC1047P1ANEDS4CRVV4KQNSO5AEMVJF66Q9ASUAAJG)

with an actual DynamoDB endpoint running in an EC2 instance. However, when I run the application and point it at my local DynamoDB, it works.

Anyone got a solution for this? Thanks.

Here's my config for DynamoDB:

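import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder;
import org.socialsignin.spring.data.dynamodb.repository.config.EnableDynamoDBRepositories;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
@EnableDynamoDBRepositories(basePackages = "**.****.***.repository")
public class DynamoConfig {

    // Access key and secret key are read from application properties.
    @Value("${aws.secret.key}")
    private String awsSecretKey;

    @Value("${aws.access.key}")
    private String awsAccessKey;

    @Value("${aws.dynamodb.endpoint}")
    private String awsDynamoDBEndpoint;

    @Value("${aws.region}")
    private String awsRegion;

    @Bean
    public AmazonDynamoDB amazonDynamoDB() {
        // The client always signs requests with the static credentials below.
        AmazonDynamoDBClientBuilder amazonDynamoDB = AmazonDynamoDBClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(amazonAWSCredentials()))
                .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(awsDynamoDBEndpoint, awsRegion));

//        amazonDynamoDB.setSignerRegionOverride(Regions.fromName(awsRegion).getName());
//        if (!StringUtils.isEmpty(awsDynamoDBEndpoint)) {
//            amazonDynamoDB.setEndpoint(awsDynamoDBEndpoint);
//        }
        return amazonDynamoDB.build();
    }

    @Bean
    public AWSCredentials amazonAWSCredentials() {
        return new BasicAWSCredentials(awsAccessKey, awsSecretKey);
    }
}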

P.S. I have also tried running the application pointed at an actual DynamoDB endpoint; I am encountering the same error.

1
Can you please show us the code you are using to make the call to Dynamo? - TheOni
Hi, I have edited my post for you to see my config. - kkeda
Your code seems fine. Have you checked if the access and secret keys are OK when you are creating the credentials? As stated in the AWS documentation, you get UnrecognizedClientException if the Access Key ID or security token is invalid. - TheOni
I have read about that too. I forgot to mention that they are using an IAM role in DynamoDB with the instance where I run my application. Which means they told me that there is no need to declare the Access Key ID and the Secret Key, thus I left them blank. Though I am not sure what the impact of that will be, as I am new to AWS. - kkeda
If you have a role configured for your EC2 instance, you can remove the withCredentials method call. - TheOni

1 Answer

2
votes

If you have a role configured for your EC2 instance, you can remove the withCredentials method call.

The credentials are processed in this order:

  1. code defined
  2. AWS client configuration
  3. if none of the preceding is found, it'll use no credentials and it will be authorized only if the instance has an IAM role attached granting the right privileges
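
The fix suggested in the answer, as an added example that is not part of the original post: a variant of the question's DynamoConfig that uses static keys only when both properties are set (the local DynamoDB case) and otherwise hands credential resolution to the SDK's DefaultAWSCredentialsProviderChain, which picks up the EC2 instance role. The empty property defaults and the awsCredentialsProvider bean name are assumptions; @EnableDynamoDBRepositories is omitted because the base package is masked in the question.

```java
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

@Configuration
public class DynamoConfig {
    // Assumption: empty defaults (":") so the key properties can be omitted on EC2.
    @Value("${aws.access.key:}")
    private String awsAccessKey;
    @Value("${aws.secret.key:}")
    private String awsSecretKey;
    @Value("${aws.dynamodb.endpoint:}")
    private String awsDynamoDBEndpoint;
    @Value("${aws.region}")
    private String awsRegion;

    @Bean
    public AWSCredentialsProvider awsCredentialsProvider() {
        // Static keys only when both are present; blank keys would be signed
        // into the request and rejected with UnrecognizedClientException.
        if (StringUtils.hasText(awsAccessKey) && StringUtils.hasText(awsSecretKey)) {
            return new AWSStaticCredentialsProvider(
                    new BasicAWSCredentials(awsAccessKey, awsSecretKey));
        }
        // No keys configured: let the SDK default chain resolve the instance role.
        return DefaultAWSCredentialsProviderChain.getInstance();
    }

    @Bean
    public AmazonDynamoDB amazonDynamoDB(AWSCredentialsProvider credentials) {
        AmazonDynamoDBClientBuilder builder =
                AmazonDynamoDBClientBuilder.standard().withCredentials(credentials);
        // The builder accepts either an endpoint override or a region, not both.
        if (StringUtils.hasText(awsDynamoDBEndpoint)) {
            builder.withEndpointConfiguration(
                    new AwsClientBuilder.EndpointConfiguration(awsDynamoDBEndpoint, awsRegion));
        } else {
            builder.withRegion(awsRegion);
        }
        return builder.build();
    }
}
```

With this variant the deployed instance needs no access key or secret key in its properties, so no long-lived keys have to be stored with the application.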