List of usage examples for com.amazonaws.services.securitytoken AWSSecurityTokenService assumeRole
AssumeRoleResult assumeRole(AssumeRoleRequest assumeRoleRequest);
Returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to.
From source file:com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl.java
License:Open Source License
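/**
 * Resolves the AWS credentials represented by this entry.
 *
 * <p>When {@code iamRoleArn} is blank the stored access key / secret key pair is returned
 * directly. Otherwise STS {@code AssumeRole} is called and the temporary session credentials
 * from the response are returned.
 *
 * <p>Security notes: {@code secretKey.getPlainText()} puts the secret in memory as a plain
 * {@code String}, and the returned object carries usable key material in both branches, so it
 * must not be logged or persisted. The STS client built here is only needed for one call and
 * is shut down before returning so its HTTP resources are not left behind on every lookup.
 *
 * @return the static credentials when no role ARN is configured, otherwise the session
 *     credentials returned by STS
 */
public AWSCredentials getCredentials() {
    AWSCredentials initialCredentials = new BasicAWSCredentials(accessKey, secretKey.getPlainText());

    if (StringUtils.isBlank(iamRoleArn)) {
        return initialCredentials;
    }

    // Check for available region from the SDK, otherwise specify default.
    String clientRegion = null;
    DefaultAwsRegionProviderChain sdkRegionLookup = new DefaultAwsRegionProviderChain();
    try {
        clientRegion = sdkRegionLookup.getRegion();
    } catch (com.amazonaws.SdkClientException e) {
        LOGGER.log(Level.WARNING, "Could not find default region using SDK lookup.", e);
    }
    if (clientRegion == null) {
        clientRegion = Regions.DEFAULT_REGION.getName();
    }

    AWSSecurityTokenService client;
    if (StringUtils.isBlank(accessKey) && StringUtils.isBlank(secretKey.getPlainText())) {
        // Delegation to the instance profile: no explicit provider is set, so the builder
        // falls back to the SDK's default credential chain.
        client = AWSSecurityTokenServiceClientBuilder.standard().withRegion(clientRegion).build();
    } else {
        client = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(initialCredentials))
                .withRegion(clientRegion)
                .build();
    }

    try {
        // createAssumeRoleRequest is defined elsewhere in the class; presumably it sets the
        // role ARN and session name (verify there). Only the token lifetime is set here.
        AssumeRoleRequest assumeRequest = createAssumeRoleRequest(iamRoleArn)
                .withDurationSeconds(this.getStsTokenDuration());
        AssumeRoleResult assumeResult = client.assumeRole(assumeRequest);

        // Copy the three credential parts out of the response before the client is closed.
        return new BasicSessionCredentials(
                assumeResult.getCredentials().getAccessKeyId(),
                assumeResult.getCredentials().getSecretAccessKey(),
                assumeResult.getCredentials().getSessionToken());
    } finally {
        // The original never released this per-call client.
        client.shutdown();
    }
}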
From source file:com.netflix.eureka.aws.AwsAsgUtil.java
License:Apache License
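/**
 * Assumes the role named by {@code serverConfig.getListAutoScalingGroupsRoleName()} in the
 * given account and returns the temporary credentials from STS.
 *
 * <p>The caller's identity comes from the instance profile. The role ARN and the session name
 * are built by string concatenation from {@code asgAccount}, which is not validated here.
 * NOTE(review): presumably callers pass a 12-digit account id from trusted configuration;
 * confirm this, since the value decides which account's role is assumed.
 *
 * @param asgAccount account id inserted into the role ARN and the role session name
 * @return the temporary credentials contained in the AssumeRole response
 */
private Credentials initializeStsSession(String asgAccount) {
    AWSSecurityTokenService sts = new AWSSecurityTokenServiceClient(new InstanceProfileCredentialsProvider());
    try {
        String region = clientConfig.getRegion();
        if (!region.equals("us-east-1")) {
            // No scheme is given, so the SDK applies the client's configured protocol
            // (HTTPS unless the client configuration says otherwise).
            // NOTE(review): the fixed ".amazonaws.com" suffix does not fit partitions that use
            // a different domain; confirm which regions this runs in.
            sts.setEndpoint("sts." + region + ".amazonaws.com");
        }

        String roleName = serverConfig.getListAutoScalingGroupsRoleName();
        String roleArn = "arn:aws:iam::" + asgAccount + ":role/" + roleName;

        // The session name is passed to STS with the request, so it identifies this session.
        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(roleArn)
                .withRoleSessionName("sts-session-" + asgAccount);
        AssumeRoleResult assumeRoleResult = sts.assumeRole(request);
        return assumeRoleResult.getCredentials();
    } finally {
        // The client is created per call; release it instead of leaving it to the GC.
        sts.shutdown();
    }
}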
From source file:com.netflix.eureka.util.AwsAsgUtil.java
License:Apache License
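/**
 * Assumes the role named by the server configuration's
 * {@code getListAutoScalingGroupsRoleName()} in the given account and returns the temporary
 * credentials from STS.
 *
 * <p>The caller's identity comes from the instance profile. The role ARN and the session name
 * are built by string concatenation from {@code asgAccount}, which is not validated here.
 * NOTE(review): presumably callers pass a 12-digit account id from trusted configuration;
 * confirm this, since the value decides which account's role is assumed.
 *
 * @param asgAccount account id inserted into the role ARN and the role session name
 * @return the temporary credentials contained in the AssumeRole response
 */
private Credentials initializeStsSession(String asgAccount) {
    AWSSecurityTokenService sts = new AWSSecurityTokenServiceClient(new InstanceProfileCredentialsProvider());
    try {
        String region = DiscoveryManager.getInstance().getEurekaClientConfig().getRegion();
        if (!region.equals("us-east-1")) {
            // No scheme is given, so the SDK applies the client's configured protocol
            // (HTTPS unless the client configuration says otherwise).
            // NOTE(review): the fixed ".amazonaws.com" suffix does not fit partitions that use
            // a different domain; confirm which regions this runs in.
            sts.setEndpoint("sts." + region + ".amazonaws.com");
        }

        String roleName = EurekaServerConfigurationManager.getInstance().getConfiguration()
                .getListAutoScalingGroupsRoleName();
        String roleArn = "arn:aws:iam::" + asgAccount + ":role/" + roleName;

        // The session name is passed to STS with the request, so it identifies this session.
        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(roleArn)
                .withRoleSessionName("sts-session-" + asgAccount);
        AssumeRoleResult assumeRoleResult = sts.assumeRole(request);
        return assumeRoleResult.getCredentials();
    } finally {
        // The client is created per call; release it instead of leaving it to the GC.
        sts.shutdown();
    }
}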
From source file:com.netflix.genie.web.util.S3ClientFactory.java
License:Apache License
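/**
 * Get an S3 client given the configuration of the system.
 *
 * <p>When role assumption is enabled, a fresh STS client assumes {@code roleArn} under a
 * random {@code Genie-<uuid>} session name and a new S3 client is built around the resulting
 * session credentials. Otherwise the shared default client is returned.
 *
 * <p>Caveat for callers: the returned client wraps a static copy of the session credentials,
 * so nothing refreshes them. No duration is requested, so the STS default lifetime applies and
 * a client held past that point will start failing authentication. Callers should request a
 * new client instead of caching one.
 *
 * @return an S3 client
 */
public AmazonS3 getS3Client() {
    if (!this.assumeRole) {
        return this.defaultS3Client;
    }

    // TODO: It's possible this could be optimized to reuse a client that a role has already been assumed for
    //       it would take more logic in this class and likely isn't worth it right now before we decide how
    //       4.x may work best. As it is now create a new client every time one is requested to assume a role
    // See: https://docs.aws.amazon.com/AmazonS3/latest/dev/AuthUsingTempSessionTokenJava.html
    final AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
            .withCredentials(this.awsCredentialsProvider)
            .withClientConfiguration(this.awsClientConfiguration)
            .withRegion(this.awsRegion)
            .build();

    final Credentials sessionCredentials;
    try {
        final AssumeRoleRequest roleRequest = new AssumeRoleRequest()
                .withRoleArn(this.roleArn)
                .withRoleSessionName("Genie-" + UUID.randomUUID().toString());
        final AssumeRoleResult roleResult = stsClient.assumeRole(roleRequest);
        sessionCredentials = roleResult.getCredentials();
    } finally {
        // The STS client is only needed for this one call. Since a new one is built on every
        // request, release it here; the original left it open.
        stsClient.shutdown();
    }

    final BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
            sessionCredentials.getAccessKeyId(),
            sessionCredentials.getSecretAccessKey(),
            sessionCredentials.getSessionToken());

    // The S3 client is handed to the caller and stays open; only the STS client is closed.
    return AmazonS3ClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials))
            .withClientConfiguration(this.awsClientConfiguration)
            .withRegion(this.awsRegion)
            .build();
}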