问题描述
我使用 这里 以便在 c# 代码中从 AWS SecretsManager 检索密钥.
I use an example from here in order to retreive a secret from AWS SecretsManager in c# code.
我已经通过 AWS CLI 在本地设置了凭证,并且我能够使用 AWS CLI 命令aws secretsmanager list-secrets"检索密钥列表.
I have set credentials locally via AWS CLI, and I am able to retreive secret list using AWS CLI command "aws secretsmanager list-secrets".
但是 c# 控制台应用程序失败并出现错误:
But c# console app fails with an error:
> Unhandled exception. System.AggregateException: One or more errors occurred. (Unable to get IAM security credentials from EC2 Instance Metadata Service.)
---> Amazon.Runtime.AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.
at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.FetchCredentials()
at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentials()
at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentialsAsync()
at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.MetricsHandler.InvokeAsync[T](IExecutionContext executionContext)
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at AWSConsoleApp2.GetSecretValueFirst.GetSecret() in D:WorkProjectsTrainingAWSConsoleApp2AWSConsoleApp2GetSecretValueFirst.cs:line 53
at AWSConsoleApp2.Program.Main(String[] args) in D:WorkProjectsTrainingAWSConsoleApp2AWSConsoleApp2Program.cs:line 11
当我改变原来的构造函数调用时
When I change original constructor call
IAmazonSecretsManager 客户端 = 新 AmazonSecretsManagerClient();
IAmazonSecretsManager client = new AmazonSecretsManagerClient();
添加 AWSCredentials 类型的继承参数
with adding inherited parameter of type AWSCredentials
IAmazonSecretsManager 客户端 = new AmazonSecretsManagerClient(new StoredProfileAWSCredentials());
IAmazonSecretsManager client = new AmazonSecretsManagerClient(new StoredProfileAWSCredentials());
效果很好.
Class StoredProfileAWSCredentials 已过时,但可以使用它.我使用在其他机器上正常工作的库,我无法更改它们.
Class StoredProfileAWSCredentials is obsolete but it works to use it. I use libraries that work without errors on the other machines and I cannot change them.
我使用属于 Administrators 组并具有 SecretsMnager 完全访问权限的用户的凭据.C#代码中已正确设置区域,配置文件为默认值.
I use credentials for user that belongs to Administrators group and has full access to SecretsMnager. Region has set properly in c# code, profile is default.
有什么想法吗?感谢提前
Any ideas? Thanks for advance
推荐答案
我遇到了同样的问题,这是我在开发环境中解决的方法
I had the same issue, here is how I fixed it on my development environment
- 我使用适用于 Visual Studio 的 AWS 扩展创建了一个 AWS 配置文件
- 设置配置文件后,使用配置文件传递凭据,它对我来说很好
这里要注意,访问密钥管理器的用户配置文件应该有一个为密钥管理器分配的有效安全组.
Point to note here, the user profile accessing the key manager should have a valid security group assigned for the Secrets manager.
试试看,告诉我结果如何.
Try it out let me know, how it went.
这篇关于AWS DotNet SDK 错误:无法从 EC2 实例元数据服务获取 IAM 安全凭证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!