Home > front end >  'Profile file contained no credentials for profile' error when doing PutItem using AWS Jav
'Profile file contained no credentials for profile' error when doing PutItem using AWS Jav

Time:12-14

I'm trying to put an item into a DynamoDB table using the AWS SDK for Java.

I am using the EnhancedPutItem.java example from the docs:

 public static void main(String[] args) {

        ProfileCredentialsProvider credentialsProvider = ProfileCredentialsProvider.create();
        Region region = Region.US_EAST_1;
        DynamoDbClient ddb = DynamoDbClient.builder()
            .credentialsProvider(credentialsProvider)
            .region(region)
            .build();

        DynamoDbEnhancedClient enhancedClient = DynamoDbEnhancedClient.builder()
            .dynamoDbClient(ddb)
            .build();

        putRecord(enhancedClient) ;
        ddb.close();
    }
...

When running locally I can put the item successfully, but when I run my application as a task on Fargate, it throws this error:

software.amazon.awssdk.core.exception.SdkClientException: Profile file contained no credentials for profile 'default': ProfileFile(profilesAndSectionsMap=[]).

CodePudding user response:

The error states that the SDK is looking for credentials within the default credential profiles file & cannot find any.

This is because the sample code explicitly specifies a ProfileCredentialsProvider as the credentials provider for the DynamoDbClient.

This overrides the default credential provider chain, which by default would be looking for credentials in a variety of locations - including the ECS container credentials.

You need to remove the use of the ProfileCredentialsProvider.


You have 2 options:

  1. specify no credential provider when creating the client - the SDK will fallback to the default credential provider and then find the ECS container credentials; this is the most common option and will most likely work across various environments (as the chain would look sequentially in multiple places)

  2. replace the use of ProfileCredentialsProvider with ContainerCredentialsProvider instead, which would only specifically look for ECS container credentials

Option 1 is recommended as it is the most common configuration & your code has the highest chance of working across various environments (as the chain would look sequentially for multiple credential providers).


To implement option 1, change:

ProfileCredentialsProvider credentialsProvider = ProfileCredentialsProvider.create();
Region region = Region.US_EAST_1;
DynamoDbClient ddb = DynamoDbClient.builder()
    .credentialsProvider(credentialsProvider)
    .region(region)
    .build();

to:

Region region = Region.US_EAST_1;
DynamoDbClient ddb = DynamoDbClient.builder()
    .region(region)
    .build();

CodePudding user response:

Following Ermyia's sugestion I was able to access DynamoDB using the second option:

private AwsCredentialsProvider awsCredentialsProvider =  ContainerCredentialsProvider.builder().build();

private final DynamoDbClient ddb = DynamoDbClient.builder()
        .credentialsProvider(awsCredentialsProvider)
        .region(Region.of(REGION))
        .build();
  • Related