CODEWITHSUNDEEP
javaamazon-web-servicescredentialsaws-sdk
Arushi Tomar
Arushi Tomar

Reputation: 63

AWS cannot validate the provided access credentials (eclipse)

I have been working with the AWS SDK for Java to start an amazon EC2 instance through a simple Java program. I have provided my secret and access key in the code itself, and in windows>preferences>aws sdk also. I've also added my credentials to the key I am using. And I am still getting this error

Exception in thread "main" com.amazonaws.AmazonServiceException: AWS was not able to validate the provided access credentials (Service: AmazonEC2; Status Code: 401; Error Code: AuthFailure; Request ID: cc82e725-5a8a-44d8-9f7c-2031d6db1e1a)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1182)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:770)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:489)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:310)
at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:11819)
at com.amazonaws.services.ec2.AmazonEC2Client.startInstances(AmazonEC2Client.java:6153)
at amazon.Amazon.main(Amazon.java:53)

Here is my Java Code

 package amazon;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.regions.Region;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.AmazonEC2Client;
import com.amazonaws.services.ec2.model.StartInstancesRequest;
import com.amazonaws.services.ec2.model.StartInstancesResult;

public class Amazon 
{
static AmazonEC2 ec2;

    static void authentication() throws Exception {
    AWSCredentials credentials=null;
 credentials = new BasicAWSCredentials("****","****");
 credentials=new ProfileCredentialsProvider().getCredentials();

    System.out.println("Credentials : " + credentials);
    ec2 = new AmazonEC2Client(credentials);
    Region region=Region.getRegion(Regions.AP_SOUTHEAST_1);
    ec2.setRegion(region);

}

  public static void main(String[] args) throws Exception
  {
      authentication(); 
        StartInstancesRequest startInstancesRequest = new StartInstancesRequest();

             startInstancesRequest.withInstanceIds("i-sba78aj1");

   StartInstancesResult res = ec2.startInstances(startInstancesRequest); 
              System.out.println(res.toString());
              return;
      }
}

Can anyone help me out?

Upvotes: 2

Views: 7623

Answers (1)

Frederic Henri
Frederic Henri

Reputation: 53703

I think there is some confusion in your program - when you do :

AWSCredentials credentials=null;
credentials = new BasicAWSCredentials("****","****");
credentials = new ProfileCredentialsProvider().getCredentials();

the line credentials = new BasicAWSCredentials("****","****"); is finally not necessary, as credentials will be set and after replaced with the one from the ProfileCredentialsProvider.

You cannot use at the same time the BasicAWSCredentials and the ProfileCredentialsProvider

When you use ProfileCredentialsProvider you need to have a valid credential file under ~/.aws/credentials the file should be in the form

[default]
aws_access_key_id=XXXXX
aws_secret_access_key=XXXX

In this case you'll do

    AWSCredentials credentials = null;
    try {
        credentials = new ProfileCredentialsProvider().getCredentials();
    } catch (Exception e) {
        throw new AmazonClientException(
                "Cannot load the credentials from the credential profiles file. " +
                "Please make sure that your credentials file is at the correct " +
                "location (~/.aws/credentials), and is in valid format.",
                e);
    }
    AmazonEC2 ec2 = new AmazonEC2Client(credentials);

If you do not use the credential file, you can create the credentials from API from the BasicAWSCredentials as you did:

AWSCredentials credentials = new BasicAWSCredentials("XXXXX", "XXXXX");
// no need to call the ProfileCredentialsProvider in this case
ec2 = new AmazonEC2Client(credentials);

Just a simple note, I understand you might run a quick test and you make it work from a main method, but really declaring static AmazonEC2 ec2; is a bad practice, the EC2Client should not be static. (in simple program it can be alright but as your infrastructure is growing (multiple region, instances ...) , it is just not possible)

Upvotes: 4

Related Questions