Amazon web services - software.amazon.awssdk.services.dynamodb.model.DynamoDbException: The security token included in the request is invalid

anonymous
September 9, 2024
141 views
0 votes
2 Answers

I want to use the AWS SKD v2 of DynamoDB which can accepts the table name dynamically and return all the records and I am creating the Rest API for the same. I have to use the access key and secret key to configure the client for DynamoDB. Please note that I am using the direct AWS resource and have not setup any local DynamoDB. When I call the API I am getting the software.amazon.awssdk.services.dynamodb.model.DynamoDbException: The security token included in the request is invalid.

I have also tried to setup using the aws configure with correct AWS access key and secret key along with region but when I to hit the API I am getting the same.

To verify the keys, I have created basic Python script which can retrieve the records from DynamoDB successfully. So keys are valid.

DynamoDBConfig

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;

@Configuration
public class DynamoDBConfig {

  @Bean
  public DynamoDbClient dynamoDbClient() {
    return DynamoDbClient.builder()
        .region(Region.EU_WEST_2)
        .credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials.create(
            "access key",
            "secret key"
        )))
        .build();
  }

}

DynamoDBService

import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
import software.amazon.awssdk.services.dynamodb.model.AttributeValue;
import software.amazon.awssdk.services.dynamodb.model.GetItemRequest;
import software.amazon.awssdk.services.dynamodb.model.ScanRequest;
import software.amazon.awssdk.services.dynamodb.model.ScanResponse;
import org.springframework.stereotype.Service;

import java.util.Map;

@Service
public class DynamoDBService {

  private final DynamoDbClient dynamoDbClient;

  public DynamoDBService(DynamoDbClient dynamoDbClient) {
    this.dynamoDbClient = dynamoDbClient;
  }

  public ScanResponse getAllItems(String tableName) {
    ScanRequest scanRequest = ScanRequest.builder()
        .tableName(tableName)
        .build();
    return dynamoDbClient.scan(scanRequest);
  }

  public Map<String, AttributeValue> getItem(String tableName, String keyFieldName, String keyFieldValue) {
    GetItemRequest getItemRequest = GetItemRequest.builder()
        .tableName(tableName)
        .key(Map.of(keyFieldName, AttributeValue.builder().s(keyFieldValue).build()))
        .build();
    return dynamoDbClient.getItem(getItemRequest).item();
  }

}

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.2.7</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.abc</groupId>
    <artifactId>poc.dynamodb</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>poc.dynamodb</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>17</java.version>
    </properties>
    <dependencies>
        <!-- Spring Boot Starter Web -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <!-- AWS SDK for DynamoDB -->
        <dependency>
            <groupId>software.amazon.awssdk</groupId>
            <artifactId>dynamodb</artifactId>
            <version>2.20.26</version>
        </dependency>

        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
            <version>2.6.0</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

Answers

- AshishKamble
- September 9, 2024 at 8:04 am
- 0 votes
0
you must have to setup your IDE with the AWS plugin like aws toolkit for vscode before running any aws services in local throu the IDE, check your folder ~/.aws/credentials and replace new downloaded file with working non expired values,
```
[default]
aws_access_key_id = AWS access key ID goes here
aws_secret_access_key = Secret key goes here 
```
default will be the profile you have to setup with your IDE and aws plugin

as this error specific to only access keys, You have to verify that correct values are getting used, You are having this error due to inactive user credentials, incorrect access keys, or incorrect secret access keys.
You can verify with aws GetCallerIdentity
Login or Signup to reply.

- smac2020
- September 9, 2024 at 4:28 pm
- 0 votes
0
There is an example of using DynamoDB Java V2 API in a Spring Boot project in AWS Github. Also, when using V2, you do not have to state your keys in the code. There is a order in whick keys are checked. I personally use:

C:Usersscmacdon.awscredentials.

SO if you have your keys in that file, they will be used.

Read and follow this content:

Creating a Spring Boot application that queries Amazon DynamoDB data

Login or Signup to reply.