NserviceBus with SQS transport - throwing error due to invalid credentials

amazonsqs

(Raj Shelar) #1

I am using following binaries
NServiceBus.Core 5.0.0.0
NServiceBus.Host 6.0.0.0
NServiceBus.AmazonSQS 1.0.0.0

I am trying to configure endpoint as below

var transport = configuration.UseTransport();
configuration.EndpointName(“xxx”);
transport.ConnectionString(
@“Region=us-east-1;S3BucketForLargeMessages=xyz;S3KeyPrefix=’’;”);

Also in app.config set access key and secret key as below as per link https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html

App.config

 <add key="AWSProfileName" value="default" />
 <add key="AWSRegion" value="us-east-1" />
<add key="AWSProfilesLocation" value="C:\credentials.txt"/>
<add key="AWSAccessKey" value="xxxx" />
<add key="AWSSecretKey" value="xyz" />

I am getting below error after running

2018-06-05 23:33:12.745 ERROR NServiceBus.GenericHost Exception when starting endpoint.
Autofac.Core.DependencyResolutionException: An exception was thrown while executing a resolve operation. See the InnerException for details. ---> The environment variables AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY/AWS_SESSION_TOKEN were not set with AWS credentials. (See inner exception for details.) ---> System.InvalidOperationException: The environment variables AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY/AWS_SESSION_TOKEN were not set with AWS credentials.
   at Amazon.Runtime.EnvironmentVariablesAWSCredentials.FetchCredentials()
   at NServiceBus.AmazonSQS.AwsClientFactory.CreateCredentials(SqsConnectionConfiguration connectionConfiguration)
   at NServiceBus.AmazonSQS.AwsClientFactory.CreateS3Client(SqsConnectionConfiguration connectionConfiguration)
   at Autofac.Builder.RegistrationBuilder.<>c__DisplayClass1`1.<ForDelegate>b__0(IComponentContext c, IEnumerable`1 p)
   at Autofac.Core.Activators.Delegate.DelegateActivator.ActivateInstance(IComponentContext context, IEnumerable`1 parameters)
   at Autofac.Core.Resolving.InstanceLookup.Activate(IEnumerable`1 parameters)
   at Autofac.Core.Lifetime.LifetimeScope.GetOrCreateAndShare(Guid id, Func`1 creator)
   at Autofac.Core.Resolving.InstanceLookup.Execute()
   at Autofac.Core.Resolving.ResolveOperation.GetOrCreateInstance(ISharingLifetimeScope currentOperationScope, IComponentRegistration registration, IEnumerable`1 parameters)
   at Autofac.ResolutionExtensions.TryResolveService(IComponentContext context, Service service, IEnumerable`1 parameters, Object& instance)
   at Autofac.ResolutionExtensions.ResolveService(IComponentContext context, Service service, IEnumerable`1 parameters)
   at Autofac.Core.Activators.Reflection.AutowiringPropertyInjector.InjectProperties(IComponentContext context, Object instance, Boolean overrideSetValues)
   at Autofac.Core.Registration.ComponentRegistration.RaiseActivating(IComponentContext context, IEnumerable`1 parameters, Object& instance)
   at Autofac.Core.Resolving.InstanceLookup.Activate(IEnumerable`1 parameters)
   at Autofac.Core.Resolving.InstanceLookup.Execute()
   at Autofac.Core.Resolving.ResolveOperation.GetOrCreateInstance(ISharingLifetimeScope currentOperationScope, IComponentRegistration registration, IEnumerable`1 parameters)

I am running this application from my local machine not EC2 instance. I have below specific questions

  1. In below link it is mentioned set environmental variables for access keys and secret key
    https://docs.particular.net/transports/sqs/?version=sqs_1
    Would I need to add environmental variables for those? What If I run this on EC2 instance?
  2. Is my connection string correct? I want to keep S3KeyPrefix as empty.
  3. Can we not provide access key and secret key from code itself?

(Mauro Servienti) #2

Hi,

Can you clarify if you’re using NServiceBus Core 6 or 5?
Because the error seems to be related to the way SQS for Core 6 behaves, in which case it can’t be SQS 1.

Thanks,
.m


(Daniel Marbach) #4

Hi Raj

Unfortunately, the version of SQS that you are using does use an overloaded constructor of the SDK types which changes the default behavior of retrieving the credentials. We fixed that in Version 4 of the transport but that would require you to target NSB v7.

The default credential source retries the keys from the environment variables. If you are running in EC2 you can specify the InstanceProfile credential source as described here

var transport = busConfiguration.UseTransport<SqsTransport>();
transport.ConnectionString("CredentialSource=InstanceProfile;");

https://docs.particular.net/transports/sqs/configuration-options?version=sqs_1#credentialsource

To your question whether your connection string is correct. The region part looks ok. If you are not sending large messages then you don’t need to specify the bucket. If you intend to send large messages specifying the bucket like you did makes sense. If you want to leave the prefix empty then don’t specify the prefix. The default value is empty as described in

https://docs.particular.net/transports/sqs/configuration-options?version=sqs_1#s3bucketforlargemessages-s3keyprefix

Hope that helps

Regards
Daniel


(Raj Shelar) #5

“InstanceProfile” - Is the the role attached to EC2 instance?


(Daniel Marbach) #6

Yes,

the endpoint will use the credentials of the first EC2 role attached to the EC2 instance. This is only valid when running the endpoint on an EC2 instance.

The credentials that are retrieved from the Instance Profile service on an EC2 instance

I hope that helps

Regards
Daniel


(Raj Shelar) #7

Ok thanks, has this role also to be attached to S3 bucket and SQS to be accessible by EC2 instance?


(Daniel Marbach) #8

Hi

The role needs the appropriate access rights for SQS and S3 if you are using S3 to store the large messages

Regards
Daniel