Example usage for the com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider constructor

List of usage examples for the com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider constructor

Introduction

On this page you can find example usage of the com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider constructor.

Prototype

@Deprecated
public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider,
        String roleArn, String roleSessionName) 


Document

Constructs a new STSAssumeRoleSessionCredentialsProvider, which uses the specified credentials provider (which vends long-lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method. Note that the prototype above is marked @Deprecated; the SDK's Builder for this class is the non-deprecated way to construct it.

Usage

From source file:com.gu.logback.appender.kinesis.BaseKinesisAppender.java

License:Open Source License

/**
 * Stores the ARN of the role to assume and, when that ARN is not blank, replaces the
 * current credentials provider with an STS assume-role provider for that role.
 *
 * <p>The provider held in {@code credentials} at the time of the call is passed as the
 * long-lived credentials source. A second call with a non-blank ARN therefore wraps the
 * provider installed by the first call rather than the original one.
 * NOTE(review): confirm that chaining through an already-assumed role is intended.
 *
 * @param roleToAssumeArn ARN of the IAM role to assume; a blank value leaves the
 *                        credentials provider untouched
 */
public void setRoleToAssumeArn(String roleToAssumeArn) {
    this.roleToAssumeArn = roleToAssumeArn;
    if (Validator.isBlank(roleToAssumeArn)) {
        return;
    }

    // The role session name is not a secret, so Math.random() is not a confidentiality
    // problem here. It is, however, the label under which the assumed-role identity shows
    // up in audit records, and "session" plus a random double says nothing about which
    // application or host made the call.
    // NOTE(review): consider a descriptive, attributable session name; any trust policy
    // that conditions on the session name must be checked before changing it.
    final String roleSessionName = "session" + Math.random();

    // This three-argument constructor is deprecated in the SDK (see the prototype above).
    credentials = new STSAssumeRoleSessionCredentialsProvider(
            credentials, roleToAssumeArn, roleSessionName);
}

From source file:com.netflix.dynomitemanager.sidecore.aws.AwsRoleAssumptionCredential.java

License:Apache License

/**
 * Returns the STS-backed credentials provider for the cross-environment IAM role,
 * creating and caching it on first use.
 *
 * <p>The role ARN is taken from configuration according to the current environment: an
 * instance in EC2 classic assumes the role configured for VPC, and an instance in VPC
 * assumes the role configured for EC2 classic.
 *
 * @return the cached assume-role credentials provider
 * @throws NullPointerException  if the configured role ARN is null or empty
 * @throws IllegalStateException if constructing the STS provider fails
 */
@Override
public AWSCredentialsProvider getAwsCredentialProvider() {
    // Fast path: single-account mode with a provider already built.
    // NOTE(review): the field is read here without holding the lock; that is only safe
    // if it is declared volatile, which is not visible in this method -- confirm.
    if (!this.config.isDualAccount() && this.stsSessionCredentialsProvider != null) {
        return this.stsSessionCredentialsProvider;
    }

    // In dual-account mode the lock is taken on every call, but the provider is still
    // only constructed while the field is null.
    synchronized (this) {
        if (this.stsSessionCredentialsProvider == null) {
            // Classic environment -> assume the VPC role; VPC environment -> assume the
            // EC2 classic role.
            final String assumedRoleArn = this.insEnvIdentity.isClassic()
                    ? this.config.getVpcAWSRoleAssumptionArn()
                    : this.config.getClassicAWSRoleAssumptionArn();

            // Fail before contacting STS when the ARN is missing. The exception type is
            // kept as NullPointerException because callers may already depend on it.
            if (assumedRoleArn == null || assumedRoleArn.isEmpty()) {
                throw new NullPointerException(
                        "Role ARN is null or empty probably due to missing config entry");
            }

            // The STS provider hands out temporary session credentials for the role,
            // sourced from the existing credential provider.
            try {
                this.stsSessionCredentialsProvider = new STSAssumeRoleSessionCredentialsProvider(
                        this.cred.getAwsCredentialProvider(),
                        assumedRoleArn,
                        AWS_ROLE_ASSUMPTION_SESSION_NAME);
            } catch (Exception ex) {
                // The original exception is kept as the cause so the failure stays diagnosable.
                throw new IllegalStateException(
                        "Exception in getting handle to AWS Security Token Service (STS).  Msg: "
                                + ex.getLocalizedMessage(),
                        ex);
            }
        }
    }

    return this.stsSessionCredentialsProvider;
}

From source file:com.pinterest.secor.uploader.S3UploadManager.java

License:Apache License

/**
 * Builds the S3 client and transfer manager from the Secor configuration.
 *
 * <p>Credentials are resolved in two steps. The base provider is either the static
 * access key / secret key pair from configuration (when both are non-empty) or the
 * SDK's default provider chain. If an AWS role is configured, that base provider is
 * then wrapped in an STS assume-role provider with the session name {@code "secor"}.
 *
 * @param config Secor configuration, passed to the superclass constructor
 */
public S3UploadManager(SecorConfig config) {
    super(config);

    final String awsAccessKey = mConfig.getAwsAccessKey();
    final String awsSecretKey = mConfig.getAwsSecretKey();
    final String customEndpoint = mConfig.getAwsEndpoint();
    final String regionName = mConfig.getAwsRegion();
    final String roleArn = mConfig.getAwsRole();

    s3Path = mConfig.getS3Path();

    // Optional HTTP proxy for all S3 traffic.
    final ClientConfiguration s3ClientConfig = new ClientConfiguration();
    if (mConfig.getAwsProxyEnabled()) {
        LOG.info("Http Proxy Enabled for S3UploadManager");
        s3ClientConfig.setProxyHost(mConfig.getAwsProxyHttpHost());
        s3ClientConfig.setProxyPort(mConfig.getAwsProxyHttpPort());
    }

    final AWSCredentialsProvider baseProvider;
    if (!awsAccessKey.isEmpty() && !awsSecretKey.isEmpty()) {
        // Static long-lived keys read from configuration.
        // NOTE(review): these keys do not rotate on their own and live in the config
        // source; prefer leaving them empty so the default provider chain is used.
        baseProvider = new AWSCredentialsProvider() {
            @Override
            public AWSCredentials getCredentials() {
                return new BasicAWSCredentials(awsAccessKey, awsSecretKey);
            }

            @Override
            public void refresh() {
                // Nothing to refresh: the key pair is fixed for the life of this object.
            }
        };
    } else {
        baseProvider = new DefaultAWSCredentialsProviderChain();
    }

    // With a role configured, S3 calls use temporary credentials for that role; the
    // base provider is only used to call STS. This constructor is deprecated in the SDK.
    final AWSCredentialsProvider effectiveProvider = roleArn.isEmpty()
            ? baseProvider
            : new STSAssumeRoleSessionCredentialsProvider(baseProvider, roleArn, "secor");

    final AmazonS3 s3 = new AmazonS3Client(effectiveProvider, s3ClientConfig);

    // An explicit endpoint takes precedence over the region setting.
    if (!customEndpoint.isEmpty()) {
        s3.setEndpoint(customEndpoint);
    } else if (!regionName.isEmpty()) {
        s3.setRegion(Region.getRegion(Regions.fromName(regionName)));
    }

    mManager = new TransferManager(s3);
}

From source file:lumbermill.internal.aws.AWSV4SignerFactory.java

License:Apache License

/**
 * Creates an AWS Signature V4 request signer for the {@code "es"} service.
 *
 * <p>Credentials come from the SDK's default provider chain. When the parameters
 * contain a {@code "role"} entry, that chain is used only to call STS and the signer
 * works with temporary credentials for the named role, under the session name
 * {@code "lumbermill"}. Despite the method name, the visible body only builds and
 * returns the signer.
 *
 * @param parameters settings; reads {@code "role"} (optional) and {@code "region"}
 * @return a signer bound to the resolved credentials provider and region
 */
public static RequestSigner createAndAddSignerToConfig(MapWrap parameters) {
    final AWSCredentialsProvider defaultChain = new DefaultAWSCredentialsProviderChain();

    final AWSCredentialsProvider signerCredentials;
    if (!parameters.exists("role")) {
        signerCredentials = defaultChain;
    } else {
        // The role ARN is an identifier, not a secret, so logging it is acceptable.
        LOG.info("Using IAM role {} to access Elasticsearch", parameters.asString("role"));
        // This three-argument constructor is deprecated in the SDK (see the prototype above).
        signerCredentials = new STSAssumeRoleSessionCredentialsProvider(
                defaultChain, parameters.asString("role"), "lumbermill");
    }

    return new AWSV4SignerImpl(signerCredentials, parameters.asString("region"), "es");
}