Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can't access Amazon SQS - InvalidClientTokenId

Tags:

spring

apache-camel

amazon-web-services

amazon-sqs

I have an SQS queue set up in AWS. I can send and receive messages perfectly using the AWS CLI and my IAM credentials that I set up.

What I would like to do is consume messages from the queue using Camel, configured via Spring. I tried out this example as it is very clear-cut and to the point:

https://github.com/christian-posta/camel-sqs-example

However, I get the following exception:

com.amazonaws.AmazonServiceException: Status Code: 403, AWS Service: AmazonSQS, 
AWS Request ID: 115057f8-3c4f-5ec6-8fe9-18ea097b2730, AWS Error Code: 
InvalidClientTokenId, AWS Error Message: The security token included in the 
request is invalid.

Amazon provides the most unhelpful documentation:

InvalidClientTokenId

The X.509 certificate or AWS access key ID provided does not exist in our records.

HTTP Status Code: 403

I have double-checked that I am using the exact same IAM credentials as I used through the CLI and that IAM user has a policy allowing read/write access to the queue. I have also toyed around with sending the additional URL params accessKey, secretKey, amazonSQSEndpoint and region as documented by Camel.

Why is Amazon saying that the access key is invalid or doesn't exist in their records and how can I fix my request?

like image 636
tytk Avatar asked Jan 14 '16 23:01

tytk

People also ask

How do I retrieve messages from SQS?

To receive and delete a message (console)Open the Amazon SQS console at https://console.aws.amazon.com/sqs/ . In the navigation pane, choose Queues. On the Queues page, choose a queue. Choose Send and receive messages.

1 Answers

When faced with a situation like this, there are two ways to trouble shoot this.

Option 1: Check the credentials in the ~/.aws/credentials file, where there can be mistakes made in the access key and secret. The probability of getting this wrong is very less, but it could happen.

Option 2: Provide the IAM user with necessary permissions, and check whether the issue gets recreated. If it's your very own AWS account, do give AmazonSQSFullAccess and carry out your work. In this sense, you will not easily run into any permission issues. Also check this link, where it mentions the minimum set of permissions requires for a user to work with AWS SQS.

Since the status code of the response is 403 (forbidden), this definitely has to be something related to authorization. I know my answer is coming two years later, but I once faced with a similar issue, and this worked.

like image 148
Keet Sugathadasa Avatar answered Sep 18 '22 20:09

Keet Sugathadasa
Sign in to Comment

Related questions

How to setup Spring Boot CLI behind a proxy
REST service using Spring Security and Firebase Authentication
Spring Rest - Exception when sending a List of files
Swagger documentation for Kafka Listener
Is there a generic REST query language for JPA, spring-data, spring-data-rest
Slow to start after upgraded to Spring 3
Data binding of an abstract class in spring-mvc
DDD, JPA and Multi-Module Maven
How to split Spring MVC request mapping by parameter value
@Async and @Transactional: not working
Hibernate Exception: Pre-bound JDBC Connection found
@Import vs @ContextConfiguration for importing beans in unit tests
Reproduce com.mysql.jdbc.exceptions.jdbc4.CommunicationsException with a setup of Spring, hibernate and C3P0
Spring 3.2 and Jackson 2: add custom object mapper
Changing data on GET page request (dealing with preloading requests)
Spring Cloud Feign Non blocking I/O or Asynchronous Call
validate OAuth 2.0 access token from a Spring RESTful resource server
IllegalArgumentException exception from Nashorn - Is it a bug in Java 8?
Using TransactionProxyFactoryBean with Spring and Hibernate
Spring boot multi module servletDispatchers

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!