问题
I set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables in my local computer and it works fine. When I deploy to Elastic Beanstalk, I set the "Environment properties", but they are passed as -D Java system properties, not set as environment variables, and it generates an error.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-softwaresettings.html?icmpid=docs_elasticbeanstalk_console
while the Tomcat platform sets Java system properties that you retrieve with System.getProperty.
Error
2018-08-03 02:34:37.001 INFO 32073 --- [nio-8080-exec-9] c.s.xxxxx.apis.XxxxxxxApiController : The email was not sent. Error: User 'arn:aws:sts::849611986161:assumed-role/aws-elasticbeanstalk-ec2-role/i-0f447c52c84e1fd93' is not authorized to perform 'ses:SendEmail' on resource 'arn:aws:ses:us-east-1:849611986161:identity/xxxxxx@xxxxx.com' (Service: AmazonSimpleEmailService; Status Code: 403; Error Code: AccessDenied; Request ID: c3835dda-96c5-11e8-8a21-67774160691b)
Amazon SES is expecting environment variables only (or a 'shared credential file' in your home directory). So how do I pass AWS keys to Amazon SES in Elastic Beanstalk for a Java Spring Boot application using the environment?
回答1:
You can use SSM(Systems Manager Service) parameter store to keep your environment variables and access it through any service which has IAM permissions. In this scenario since you need Access Keys, it doesn't need any of the environment variables to be kept. You can just use your Instance Profile inside elastic beanstalk and it will provide you the access key and secret access key of your assigned IAM for the elastic beanstalk. Please refer this document.
回答2:
According to https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default
Java system properties–aws.accessKeyId and aws.secretKey. The AWS SDK for Java uses the SystemPropertiesCredentialsProvider to load these credentials.
So instead of AWS_ACCESS_KEY_ID, set aws.accessKeyId, which is then set as a Java system property on the command line, which is picked up by Amazon SES SDK.
来源:https://stackoverflow.com/questions/51664938/how-do-i-pass-aws-access-key-id-for-amazon-ses-on-elastic-beanstalk