Update AWS credentials

php editor Apple brings you the latest guide on "Updating AWS Credentials". AWS credentials are required to access Amazon Web Services (AWS) resources, however, over time, credentials can expire or become invalid. To ensure that you can continue to access and manage AWS resources, it is critical to regularly update your AWS credentials. This guide will walk you through how to update your AWS credentials to ensure your work is uninterrupted, and provide some helpful tips and considerations so you can do this smoothly. Let’s find out together!

Question content

I need advice on how to update AWS credentials after they expire.

I create the bean of amazonsimpleemailservice in this way:

@Bean
    public AmazonSimpleEmailService getSesClient() {
        return AmazonSimpleEmailServiceClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(new STSAssumeRoleSessionCredentialsProvider.Builder("ses-role-us-west-2", "mail-sender")
                        .build()
                        .getCredentials())
                )
                .withRegion(Regions.US_WEST_2).build();
    }

But when I try to use it I get the error:

The security token included in the request has expired (Service: amazonsimpleemailservice; Status code: 403; Error code: expiredtoken

If I create a ses client instance before each mail sending - it works fine, but creating a new instance before each use seems to be a bad practice.

I understand there is an issue with the credentials I get via stsassumerolesessioncredentialsprovider - they just have an expiration time.

I'm wondering if there should be a way to automatically renew credentials when they are about to expire, so I'd really appreciate any suggestions on how to do this.

Workaround

stsassumerolesessioncredentialsprovider will automatically refresh credentials, but you are preventing that functionality by getting a set of credentials and passing them to an awsstaticcredentialsprovider instance .

This should allow you to use the sts provider's auto-refresh:

@Bean
    public AmazonSimpleEmailService getSesClient() {
        return AmazonSimpleEmailServiceClientBuilder.standard()
                .withCredentials(new STSAssumeRoleSessionCredentialsProvider.Builder("ses-role-us-west-2", "mail-sender")
                        .build()
                )
                .withRegion(Regions.US_WEST_2).build();
    }

The above is the detailed content of Update AWS credentials. For more information, please follow other related articles on the PHP Chinese website!