List of usage examples for com.amazonaws.services.securitytoken AWSSecurityTokenServiceClient assumeRole
@Override
public AssumeRoleResult assumeRole(AssumeRoleRequest request)
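Returns a set of temporary security credentials (an access key ID, a secret access key and a session token) that you can use to access AWS resources that you might not normally have access to. The credentials expire, so code that stores them has to assume the role again once they lapse.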
From source file:awslabs.lab41.SolutionCode.java
License:Open Source License
/**
 * Assumes an IAM role through STS and hands back the temporary credentials of that session.
 *
 * @param stsClient       STS client the AssumeRole call is sent through
 * @param roleArn         ARN of the role to assume
 * @param roleSessionName name given to the assumed-role session; it becomes part of the
 *                        assumed-role principal and so identifies the session in audit logs
 * @return the credentials carried by the AssumeRole result
 */
@Override
public Credentials appMode_AssumeRole(AWSSecurityTokenServiceClient stsClient, String roleArn,
        String roleSessionName) {
    // Only the session name and the role ARN are set; duration, session policy and
    // external id are left at whatever STS applies when they are absent.
    final AssumeRoleRequest request = new AssumeRoleRequest()
            .withRoleSessionName(roleSessionName)
            .withRoleArn(roleArn);

    // Any failure (for example a refused request) propagates as the SDK's exception.
    return stsClient.assumeRole(request).getCredentials();
}
From source file:com.dtolabs.rundeck.plugin.resources.ec2.EC2ResourceModelSource.java
License:Apache License
/**
 * Prepares this resource model source: splits the filter string, loads the mapping, obtains
 * assumed-role credentials when a role ARN is configured and no credentials exist yet, and
 * finally creates and configures the instance-to-node mapper.
 */
private void initialize() {
    final ArrayList<String> params = new ArrayList<String>();
    if (filterParams != null) {
        // filterParams is split on ';' into individual filter entries.
        Collections.addAll(params, filterParams.split(";"));
    }
    loadMapping();

    final boolean roleNeeded = this.credentials == null && assumeRoleArn != null;
    if (roleNeeded) {
        // The no-argument constructor resolves the caller identity through the SDK's default
        // credential provider chain; no endpoint is set on the client here.
        final AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient();

        final AssumeRoleRequest roleRequest = new AssumeRoleRequest();
        roleRequest.setRoleArn(assumeRoleArn);
        roleRequest.setRoleSessionName("RundeckEC2ResourceModelSourceSession");

        final Credentials sessionCreds = stsClient.assumeRole(roleRequest).getCredentials();

        // NOTE(review): these are temporary credentials captured once; nothing in this method
        // renews them. Confirm that initialize() runs again, or that a refreshing provider is
        // used, before the session expires.
        credentials = new BasicSessionCredentials(
                sessionCreds.getAccessKeyId(),
                sessionCreds.getSecretAccessKey(),
                sessionCreds.getSessionToken());
    }

    mapper = new InstanceToNodeMapper(this.credentials, mapping, clientConfiguration);
    mapper.setFilterParams(params);
    mapper.setEndpoint(endpoint);
    mapper.setRunningStateOnly(runningOnly);
}
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsCredentialUtil.java
License:Open Source License
/**
 * Resolves the AWS credentials to use for a data source.
 *
 * <p>When both an access key and a secret key are supplied, they are used as long-term
 * credentials; if a role ARN is supplied as well, those credentials are used to assume the role
 * and the temporary session credentials are returned instead. When either key is missing, the
 * SDK's default credential provider chain is consulted.
 *
 * @param awsAccessKey access key id, may be empty
 * @param awsSecretKey secret access key, may be empty
 * @param roleARN      ARN of a role to assume with the supplied keys, may be empty
 * @return the resolved credentials
 * @throws JSShowOnlyErrorMessage if AssumeRole fails or the default chain yields no credentials
 */
public static AWSCredentials getAWSCredentials(String awsAccessKey, String awsSecretKey, String roleARN) {
    final boolean staticKeysGiven = isNotEmpty(awsAccessKey) && isNotEmpty(awsSecretKey);

    if (!staticKeysGiven) {
        // The default chain is not limited to the EC2 instance profile: it also consults
        // environment variables, Java system properties and the shared credentials file.
        // NOTE(review): roleARN is not read on this path, and a call that supplies only one
        // of the two keys also lands here — confirm that falling back to the ambient
        // identity is intended in both cases.
        final AWSCredentialsProvider defaultChain = new DefaultAWSCredentialsProviderChain();
        try {
            return defaultChain.getCredentials();
        } catch (Exception ex) {
            ApplicationContext ctx = StaticApplicationContext.getApplicationContext();
            MessageSource message = ctx.getBean("messageSource", MessageSource.class);
            logger.error("Exception loading default JRS instance credentials", ex);
            throw new JSShowOnlyErrorMessage(
                    message.getMessage("aws.exception.datasource.load.default.credentials", null,
                            LocaleContextHolder.getLocale()));
        }
    }

    final AWSCredentials longTermCredentials =
            new BasicAWSCredentials(awsAccessKey.trim(), awsSecretKey.trim());
    if (!isNotEmpty(roleARN)) {
        // No role requested: the long-term keys are returned as they are.
        return longTermCredentials;
    }

    // The long-term keys are only used to call STS AssumeRole for the given role.
    final AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(longTermCredentials);
    final AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
            .withRoleArn(roleARN.trim())
            .withRoleSessionName("JRSRequest");

    final AssumeRoleResult assumeResult;
    try {
        assumeResult = stsClient.assumeRole(assumeRequest);
    } catch (Exception ex) {
        logger.error(ex);
        // NOTE(review): the raw exception text goes into the thrown error; if that error is
        // rendered to end users, check that the SDK message is acceptable to show them.
        throw new JSShowOnlyErrorMessage(ex.getMessage());
    }

    // Temporary credentials of the assumed role replace the long-term ones.
    return new BasicSessionCredentials(
            assumeResult.getCredentials().getAccessKeyId(),
            assumeResult.getCredentials().getSecretAccessKey(),
            assumeResult.getCredentials().getSessionToken());
}
From source file:com.yahoo.athenz.zts.store.CloudStore.java
License:Apache License
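/**
 * Assumes an AWS role on behalf of a principal and returns the temporary credentials.
 *
 * @param account   passed to {@code getAssumeRoleRequest} to build the request
 * @param roleName  passed to {@code getAssumeRoleRequest} to build the request
 * @param principal passed to {@code getAssumeRoleRequest} to build the request
 * @return the access key id, secret access key, session token and expiration of the assumed
 *         session, or {@code null} when the role could not be assumed; callers must treat
 *         {@code null} as a refusal
 * @throws ResourceException with an internal-server-error code when AWS support is disabled
 */
public AWSTemporaryCredentials assumeAWSRole(String account, String roleName, String principal) {

    if (!awsEnabled) {
        throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR, "AWS Support not enabled");
    }

    AssumeRoleRequest req = getAssumeRoleRequest(account, roleName, principal);

    try {
        AWSSecurityTokenServiceClient client = getTokenServiceClient();
        AssumeRoleResult res = client.assumeRole(req);

        // Copy the SDK credentials into the service's own transport type.
        Credentials awsCreds = res.getCredentials();
        return new AWSTemporaryCredentials()
                .setAccessKeyId(awsCreds.getAccessKeyId())
                .setSecretAccessKey(awsCreds.getSecretAccessKey())
                .setSessionToken(awsCreds.getSessionToken())
                .setExpiration(Timestamp.fromMillis(awsCreds.getExpiration().getTime()));
    } catch (Exception ex) {
        // Pass the exception itself to the logger: the message alone loses the exception type
        // and stack trace, and an exception without a message would be logged as "null".
        // A failed role assumption is worth being able to investigate from the log.
        LOGGER.error("CloudStore: assumeAWSRole - unable to assume role: " + ex.getMessage(), ex);
        return null;
    }
}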
From source file:com.yahoo.athenz.zts.store.MockCloudStore.java
License:Apache License
/**
 * Test double for the STS client: returns a Mockito mock whose {@code assumeRole} and
 * {@code getCallerIdentity} calls answer with the results held by this mock store, so no
 * request reaches AWS.
 *
 * @return the stubbed STS client
 */
@Override
AWSSecurityTokenServiceClient getTokenServiceClient() {
    final AWSSecurityTokenServiceClient stsMock = Mockito.mock(AWSSecurityTokenServiceClient.class);

    // Any AssumeRoleRequest is answered with the canned result.
    Mockito.doReturn(assumeRoleResult)
            .when(stsMock).assumeRole(Mockito.any(AssumeRoleRequest.class));

    // Any GetCallerIdentityRequest is answered with the canned identity.
    Mockito.doReturn(callerIdentityResult)
            .when(stsMock).getCallerIdentity(Mockito.any(GetCallerIdentityRequest.class));

    return stsMock;
}
From source file:com.yahoo.athenz.zts.ZTSClient.java
License:Apache License
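/**
 * Assumes an AWS role and returns the temporary credentials of the session.
 *
 * <p>The STS client is created with its no-argument constructor, so the caller identity comes
 * from the SDK's default credential provider chain.
 *
 * @param account  passed to {@code getAssumeRoleRequest} to build the request
 * @param roleName passed to {@code getAssumeRoleRequest} to build the request
 * @return the credentials of the assumed session, or {@code null} when the role could not be
 *         assumed; callers must treat {@code null} as a refusal
 */
Credentials assumeAWSRole(String account, String roleName) {

    try {
        AssumeRoleRequest req = getAssumeRoleRequest(account, roleName);

        AWSSecurityTokenServiceClient client = new AWSSecurityTokenServiceClient();
        AssumeRoleResult res = client.assumeRole(req);
        return res.getCredentials();

    } catch (Exception ex) {
        // The trailing exception argument keeps the exception type and stack trace in the
        // log; the message alone would read "null" for an exception that carries none.
        LOG.error("assumeAWSRole - unable to assume role: {}", ex.getMessage(), ex);
        return null;
    }
}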
From source file:fi.yle.tools.aws.maven.SimpleStorageServiceWagon.java
License:Apache License
/**
 * Assumes the configured role with the given base credentials and returns the session
 * credentials.
 *
 * <p>NOTE(review): despite the name, no check for "requested" is visible in this method; it
 * always calls AssumeRole. Presumably the caller decides whether a role is configured — verify.
 *
 * @param credentials provider chain used to sign the AssumeRole call
 * @return session credentials (access key id, secret access key, session token) of the role
 */
protected BasicSessionCredentials getAssumedCredentialsIfRequested(
        AuthenticationInfoAWSCredentialsProviderChain credentials) {
    final AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient(credentials);

    final String roleArn = getAssumedRoleARN();
    final String sessionName = getAssumedRoleSessionName();

    final AssumeRoleResult result = sts.assumeRole(
            new AssumeRoleRequest()
                    .withRoleArn(roleArn)
                    .withRoleSessionName(sessionName));

    // The returned object is a fixed snapshot of temporary credentials; it does not renew
    // itself when the session expires.
    return new BasicSessionCredentials(
            result.getCredentials().getAccessKeyId(),
            result.getCredentials().getSecretAccessKey(),
            result.getCredentials().getSessionToken());
}
From source file:gobblin.aws.AWSClusterSecurityManager.java
License:Apache License
/**
 * Re-reads the login configuration, rebuilds the service account credentials and, when
 * configured to act for another AWS user, assumes that user's role and stores the session
 * credentials. Records the time of the refresh at the end.
 *
 * @throws IOException declared by this method; the visible statements do not throw it
 *                     directly, so it presumably comes from {@code fetchLoginConfiguration}
 */
private void login() throws IOException {
    // Pick up the current configuration values first.
    fetchLoginConfiguration();

    // Long-term keys of the service account.
    this.basicAWSCredentials = new BasicAWSCredentials(this.serviceAccessKey, this.serviceSecretKey);

    if (this.clientAssumeRole) {
        final AWSSecurityTokenServiceClient sts =
                new AWSSecurityTokenServiceClient(this.basicAWSCredentials);

        // The external id is sent with the request; it is the value a role's trust policy can
        // require before it lets another account's identity assume the role.
        final AssumeRoleRequest roleRequest = new AssumeRoleRequest()
                .withRoleSessionName(this.clientSessionId)
                .withExternalId(this.clientExternalId)
                .withRoleArn(this.clientRoleArn);

        final AssumeRoleResult roleResult = sts.assumeRole(roleRequest);
        this.basicSessionCredentials = new BasicSessionCredentials(
                roleResult.getCredentials().getAccessKeyId(),
                roleResult.getCredentials().getSecretAccessKey(),
                roleResult.getCredentials().getSessionToken());
    }
    // NOTE(review): when clientAssumeRole is false, basicSessionCredentials is left untouched,
    // so a value from an earlier login would remain — confirm readers check the flag.

    this.lastRefreshTimeInMillis = System.currentTimeMillis();
}
From source file:org.finra.dm.dao.impl.StsOperationsImpl.java
License:Apache License
/**
 * {@inheritDoc}
 *
 * <p>This implementation forwards the request to the supplied client unchanged and returns
 * the client's result; it adds no validation, retry or error handling of its own.
 */
@Override
public AssumeRoleResult assumeRole(AWSSecurityTokenServiceClient awsSecurityTokenServiceClient,
        AssumeRoleRequest assumeRoleRequest) {
    final AssumeRoleResult result = awsSecurityTokenServiceClient.assumeRole(assumeRoleRequest);
    return result;
}
From source file:org.finra.herd.dao.impl.StsOperationsImpl.java
License:Apache License
/**
 * Forwards an AssumeRole request to the supplied STS client and returns the client's result.
 * No validation, retry or error handling is added here.
 *
 * @param awsSecurityTokenServiceClient client the request is sent through
 * @param assumeRoleRequest             request to submit, passed on unchanged
 * @return the result returned by the client
 */
@Override
public AssumeRoleResult assumeRole(AWSSecurityTokenServiceClient awsSecurityTokenServiceClient,
        AssumeRoleRequest assumeRoleRequest) {
    final AssumeRoleResult result = awsSecurityTokenServiceClient.assumeRole(assumeRoleRequest);
    return result;
}