得到错误“请求中包括的安全令牌无效".调用StartQueryExecution操作时出现UnrecognizedClientException [英] Getting Error "The security token included in the request is invalid" UnrecognizedClientException when calling the StartQueryExecution operation
问题描述
使用雅典娜凭证以redash设置数据源连接时出现错误.
I am getting error while setup data source connection in redash with athena credential.
我在雅典娜有一个有效的访问权限,在这里我可以运行查询并从S3中获取日志.现在,我想将雅典娜与redash集成在一起,所以我收到了错误消息调用StartQueryExecution操作时发生错误(UnrecognizedClientException):请求中包含的安全令牌无效."
I have a valid access in athena where i can run query and fetch logs from S3. Now i want to integrate athena with redash, SO i am getting error "An error occurred (UnrecognizedClientException) when calling the StartQueryExecution operation: The security token included in the request is invalid."
如果我在这里想念什么,也请让我知道.我在雅典娜中对我的用户拥有完全访问权限.
Also please let me know if i am missing something here. i have full access in athena to my user.
请找到随附的图片,并为此提供帮助. 在此处输入图片描述
Please find the attached image and help me out on this. enter image description here
推荐答案
我可以想到该错误消息的几个原因:
I can think of a couple of reasons for that error message:
- 凭据无效.
- 您使用的是通过STS
AssumeRole
或GetSessionToken
生成的凭据,并且没有在身份验证参数中包括会话令牌(大多数UI不会为您提供输入会话令牌的选项). li>
- 您使用的IAM策略要求提供MFA令牌,并且您没有提供该令牌(我从未见过提供此选项的UI).
- The credentials are invalid.
- You are using credentials generated with STS
AssumeRole
orGetSessionToken
, and you are not including the session token in the authentication parameters (most UIs won't give you the option to input a session token though). - Your IAM policy used requires an MFA token to be present, and you haven't provided one (I've never seen a UI that has an option for this).
我认为您已经以某种方式测试了您的凭据,并且可以排除第一个原因.
I assume you've tested your credentials somehow and that the first reason can be ruled out.
我怀疑,除了IAM用户凭据,该UI不能使用任何东西–即不是临时凭据,不是角色凭据,并且没有MFA,IP范围或策略中类似条件的任何内容.
I suspect that this UI does not work with anything but IAM user credentials – i.e. not temporary credentials, not role credentials, and nothing that has conditions for MFA, or IP ranges, or anything like that in the policy.
我建议您首先使用相同的凭据通过aws-cli启动查询执行.如果收到相同的错误,则说明这是IAM策略(或者可能是缺少会话令牌),但是如果API调用成功,则问题在于UI如何进行API调用.
I suggest you start by using the same credentials to start a query execution with aws-cli. If you get the same error you know it's the IAM policy (or possibly that you're missing a session token), but if the API call succeeds, the issue is in how the UI does the API call.
这篇关于得到错误“请求中包括的安全令牌无效".调用StartQueryExecution操作时出现UnrecognizedClientException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!