我从java spring启动应用程序连接到远程mongodb时遇到了一些麻烦.MongoDB服务器没有设置防火墙,我可以从另一台机器远程连接到mongo.我有一个包含集合和用户设置的数据库.当我尝试使用用户凭据从我的Java应用程序连接到数据库时,我得到一个例外:
com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='sokrates', source='homeControl', password=<hidden>, mechanismProperties={}}
at com.mongodb.connection.SaslAuthenticator.authenticate(SaslAuthenticator.java:61) ~[mongodb-driver-core-3.2.2.jar:na]
at com.mongodb.connection.DefaultAuthenticator.authenticate(DefaultAuthenticator.java:32) ~[mongodb-driver-core-3.2.2.jar:na]
at com.mongodb.connection.InternalStreamConnectionInitializer.authenticateAll(InternalStreamConnectionInitializer.java:99) ~[mongodb-driver-core-3.2.2.jar:na]
at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:44) ~[mongodb-driver-core-3.2.2.jar:na]
at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:115) ~[mongodb-driver-core-3.2.2.jar:na]
at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:128) ~[mongodb-driver-core-3.2.2.jar:na]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_92]
Caused by: com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server localhost:27017. The full response is { "ok" : 0.0, "code" : 18, "errmsg" : "Authentication failed." }
at com.mongodb.connection.CommandHelper.createCommandFailureException(CommandHelper.java:170) ~[mongodb-driver-core-3.2.2.jar:na]
at com.mongodb.connection.CommandHelper.receiveCommandResult(CommandHelper.java:123) ~[mongodb-driver-core-3.2.2.jar:na]
at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32) ~[mongodb-driver-core-3.2.2.jar:na]
at com.mongodb.connection.SaslAuthenticator.sendSaslStart(SaslAuthenticator.java:95) ~[mongodb-driver-core-3.2.2.jar:na]
at com.mongodb.connection.SaslAuthenticator.authenticate(SaslAuthenticator.java:45) ~[mongodb-driver-core-3.2.2.jar:na]
... 6 common frames omitted …我试图将对API网关端点的访问限制为来自VPC的请求。有示例API网关资源策略,甚至还包括RestApi资源上的Policy属性,但是当尚未创建API时,我无法弄清楚如何编写需要API ID的策略。我有一个示例,可以根据AWS文档了解堆栈的外观:
MyRestApi:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name: My Great API
Policy:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal: '*'
Action: execute-api:Invoke
Resource:
Fn::Join:
- - ''
- 'arn:aws:execute-api:'
- Ref: region
- ':'
- Ref: accountId
- ':'
- Ref: MyRestApi
- Effect: Deny
Principal: '*'
Action: execute-api:Invoke
Resource:
Fn::Join:
- - ''
- 'arn:aws:execute-api:'
- Ref: Region
- ':'
- Ref: AccountId
- ':'
- Ref: MyRestApi
Condition:
StringNotEquals:
"aws:SourceVpc":
Ref: VpcId
症结在于,仍在创建策略时,我无法在策略中引用MyRestApi。我敢肯定我不是唯一想这样做的人。我宁愿认为这是一个普遍的问题,所以很有可能我还没有找到答案。
谢谢你的帮助,
斯特凡
amazon-web-services aws-cloudformation aws-api-gateway api-gateway