AWS IoT Greengrass V2 Token Exchange Service


Hi Team,

We are trying to create S3, SNS & Lambda clients in Greengrass V2 custom components. As per the documentation, the token exchange service should help with temporary credentials while building these clients. We were using AWS Java SDK V1 with the following code, where the functionality works fine and we were able to make AWS service calls.

    AmazonS3 s3 = AmazonS3ClientBuilder.standard()
            .withCredentials(new EC2ContainerCredentialsProviderWrapper())
            .withRegion(Regions.US_WEST_2)
            .build();

Now we are in the process of moving to AWS Java SDK V2, where "EC2ContainerCredentialsProviderWrapper" is not supported. So we tried "DefaultCredentialsProvider", and also tried direct client creation. But in every attempt, it's not working. Moreover, aws.greengrass.TokenExchangeService is also included in the deployment, and the policy and roles are properly configured, as it was working fine with AWS SDK Java V1.

-- with DefaultCredentialsProvider

    SnsClient snsClient = SnsClient.builder()
            .credentialsProvider(DefaultCredentialsProvider.create())
            .region(Region.US_WEST_2)
            .build();

-- Direct client building

    SnsClient snsClient = SnsClient.builder()
            .region(Region.US_WEST_2)
            .build();

Could you please advise what is missing here, as we are getting an error like the one below: "Expected a profile or property definition on line 3"

Thanks, NPatel

asked 10 days ago, 72 views
1 Answer
Accepted Answer

Hello,

Do use the default chain; you do not need to provide it explicitly since it is the default. You also do not need to provide the region.

The error "Expected a profile or property definition on line 3" tells you that your ~/.aws/config or ~/.aws/credentials file is corrupted. You should delete these corrupt files.

ContainerCredentialsProvider is the correct provider to use if you do not want to use the default.

Cheers,

Michael

AWS
EXPERT
answered 10 days ago
  • There are, that's what the error is complaining about. ~ is the home location for the user that your component is running as. This may be a different user than you are currently logged in as.

  • There are no files at this location ... As I mentioned, with the V1 version it's working fine, but when we use V2 it's giving these errors.

  • If you want to directly use only the correct credential provider, it is ContainerCredentialsProvider.

  • What location are you looking at? By default your component runs as ggc_user, which means you need to look at /home/ggc_user/.aws. If your component is running as root, it will be /root/.aws.

    It worked with v1 because you were not using the default chain, which includes the profile credential provider.
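
An added example, not part of the original thread and not AWS or project code: a small helper for an SDK V2 component that pins ContainerCredentialsProvider, so stray profile files under the component user's ~/.aws are never read, and checks the token exchange service at startup. The class name TesClients and its methods are hypothetical; it assumes the component declares a dependency on aws.greengrass.TokenExchangeService, so that the environment variable AWS_CONTAINER_CREDENTIALS_FULL_URI is set for the process.

```java
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.sns.SnsClient;

/** Hypothetical helper for a Greengrass V2 component (illustration only). */
public final class TesClients {
    // Read by the SDK's container credentials provider. Assumption: Greengrass
    // sets it for components that depend on aws.greengrass.TokenExchangeService.
    private static final String URI_VAR = "AWS_CONTAINER_CREDENTIALS_FULL_URI";

    private final AwsCredentialsProvider provider;
    private final Region region;

    public TesClients(Region region) {
        // Fail fast with a clear message instead of a late, generic SDK error.
        String uri = System.getenv(URI_VAR);
        if (uri == null || uri.isEmpty()) {
            throw new IllegalStateException(URI_VAR
                    + " is not set; is the token exchange service a component dependency?");
        }
        this.region = region;
        // Pinned provider: no profile files, system properties or static keys are consulted.
        this.provider = ContainerCredentialsProvider.builder().build();
    }

    /** Resolve once at startup so a broken role or policy surfaces early. */
    public void verify() {
        try {
            provider.resolveCredentials(); // never log the returned keys or session token
        } catch (SdkClientException e) {
            throw new IllegalStateException(
                    "Token exchange service did not return credentials", e);
        }
    }

    public S3Client s3() {
        return S3Client.builder().credentialsProvider(provider).region(region).build();
    }

    public SnsClient sns() {
        return SnsClient.builder().credentialsProvider(provider).region(region).build();
    }
}
```

A component would call `new TesClients(Region.US_WEST_2)`, then `verify()`, before creating its clients.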
