How to deal with AWS security for SNS


I am trying to publish an SNS message to AWS with Spring Cloud. But I am a newbie with this and cannot understand the security settings. I created a user in AWS. I gave him an "AmazonSNSRole" role. I have this code:

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.aws.messaging.core.NotificationMessagingTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/sns")
public class SnsSenderController {

    private static final Logger theLogger = LoggerFactory.getLogger(SnsSenderController.class);
    private final NotificationMessagingTemplate notificationMessagingTemplate;

    @Autowired
    public SnsSenderController(NotificationMessagingTemplate notificationMessagingTemplate) {
        this.notificationMessagingTemplate = notificationMessagingTemplate;
    }

    @RequestMapping(value = "/send", method = RequestMethod.POST)
    @ResponseStatus(HttpStatus.OK)
    public void sendNotification(@RequestBody SnsNotification notification) {
        theLogger.debug("Going to send notification {}", notification);

        this.notificationMessagingTemplate.sendNotification("SnsTopic", notification.getMessage(), notification.getSubject());
    }

}

I have a beans.xml where I put the keys for my AWS user:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aws-context="http://www.springframework.org/schema/cloud/aws/context"
       xmlns:aws-messaging="http://www.springframework.org/schema/cloud/aws/messaging"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/cloud/aws/context
                           http://www.springframework.org/schema/cloud/aws/context/spring-cloud-aws-context-1.0.xsd
                           http://www.springframework.org/schema/cloud/aws/messaging
                           http://www.springframework.org/schema/cloud/aws/messaging/spring-cloud-aws-messaging-1.0.xsd">

       <!-- Define global credentials for all the AWS clients -->
       <aws-context:context-credentials>
              <aws-context:instance-profile-credentials/>
              <aws-context:simple-credentials access-key="accessKeyForMyUser"
                                              secret-key="secretKeyForMyUser"/>
       </aws-context:context-credentials>

       <!-- Messaging-->
       <aws-messaging:notification-messaging-template id="notificationMessagingTemplate" />

</beans>

But when I am trying to send SNS, I see an error:

02:08:36.445 [http-nio-8080-exec-4] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonSNS; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 65c99dfe-daf2-5f50-a408-d0013c568f48)] with root cause
com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonSNS; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 65c99dfe-daf2-5f50-a408-d0013c568f48)

Why so? Please, could somebody explain to me how to deal with it? It is a really difficult part for a newbie like me. Thank you in advance!

1

There is 1 answer

0
Rohit On

You need to provide either instance profile credentials or user credentials. Since you are using user credentials, remove the instance profile credentials from the Spring XML beans.
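
The change the answer describes, applied to the question's beans.xml, as an added example that is not part of the original question or answer. The property names `aws.accessKey` and `aws.secretKey` are assumptions: they stand for values supplied from outside the file, so the secret key is not stored in the XML.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aws-context="http://www.springframework.org/schema/cloud/aws/context"
       xmlns:aws-messaging="http://www.springframework.org/schema/cloud/aws/messaging"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/cloud/aws/context
                           http://www.springframework.org/schema/cloud/aws/context/spring-cloud-aws-context-1.0.xsd
                           http://www.springframework.org/schema/cloud/aws/messaging
                           http://www.springframework.org/schema/cloud/aws/messaging/spring-cloud-aws-messaging-1.0.xsd">

       <!-- User credentials only: the instance-profile-credentials element
            from the question's file is removed, as the answer suggests. -->
       <aws-context:context-credentials>
              <!-- Assumed property names. The values must be resolved by a
                   property placeholder configurer (not shown here) from the
                   environment or a properties file kept out of version control. -->
              <aws-context:simple-credentials access-key="${aws.accessKey}"
                                              secret-key="${aws.secretKey}"/>
       </aws-context:context-credentials>

       <!-- Messaging, unchanged from the question -->
       <aws-messaging:notification-messaging-template id="notificationMessagingTemplate" />

</beans>
```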