Example usage for com.amazonaws.services.securitytoken AWSSecurityTokenServiceClient assumeRole

List of usage examples for com.amazonaws.services.securitytoken AWSSecurityTokenServiceClient assumeRole

Introduction

On this page you can find example usages of com.amazonaws.services.securitytoken AWSSecurityTokenServiceClient assumeRole.

Prototype

@Override
public AssumeRoleResult assumeRole(AssumeRoleRequest request) 


Document

Returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to.

Usage

From source file:awslabs.lab41.SolutionCode.java

License:Open Source License

/**
 * Assumes the given IAM role through STS and hands back the temporary credentials.
 *
 * @param stsClient       STS client used to submit the AssumeRole call
 * @param roleArn         ARN of the role to assume
 * @param roleSessionName name attached to the resulting role session
 * @return the temporary credentials carried by the AssumeRole result; the object holds a
 *         secret access key and session token, so it should not be logged or persisted
 */
@Override
public Credentials appMode_AssumeRole(AWSSecurityTokenServiceClient stsClient, String roleArn,
        String roleSessionName) {
    // Describe the role session we want: which role, and under what session name.
    AssumeRoleRequest request = new AssumeRoleRequest();
    request.setRoleArn(roleArn);
    request.setRoleSessionName(roleSessionName);

    // No duration or session policy is set on the request, so the STS defaults apply.
    return stsClient.assumeRole(request).getCredentials();
}

From source file:com.dtolabs.rundeck.plugin.resources.ec2.EC2ResourceModelSource.java

License:Apache License

/**
 * Prepares the instance-to-node mapper: parses the filter parameters, loads the mapping and,
 * when no credentials were supplied but a role ARN was, obtains session credentials via STS.
 */
private void initialize() {
    final ArrayList<String> filters = new ArrayList<String>();
    if (filterParams != null) {
        // filterParams is a ';'-separated list of filter expressions.
        Collections.addAll(filters, filterParams.split(";"));
    }
    loadMapping();

    final boolean needsAssumedRole = this.credentials == null && assumeRoleArn != null;
    if (needsAssumedRole) {
        // The no-arg constructor is used, so the caller identity for AssumeRole comes from the
        // SDK's default credential lookup; no explicit STS endpoint is configured here.
        AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient();
        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(assumeRoleArn)
                .withRoleSessionName("RundeckEC2ResourceModelSourceSession");
        Credentials temporary = stsClient.assumeRole(request).getCredentials();

        // The session credentials are captured once; nothing in this method renews them
        // after they expire.
        credentials = new BasicSessionCredentials(temporary.getAccessKeyId(),
                temporary.getSecretAccessKey(), temporary.getSessionToken());
    }

    mapper = new InstanceToNodeMapper(this.credentials, mapping, clientConfiguration);
    mapper.setFilterParams(filters);
    mapper.setEndpoint(endpoint);
    mapper.setRunningStateOnly(runningOnly);
}

From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsCredentialUtil.java

License:Open Source License

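/**
 * Resolves the AWS credentials to use for a data source.
 *
 * <p>When both an access key and a secret key are supplied, they are used directly; if a role
 * ARN is also supplied, those long-term keys are used to call STS AssumeRole and the resulting
 * temporary session credentials are returned instead. When either key is missing, the SDK's
 * default credentials provider chain is consulted (note that a lone access key or a lone
 * secret key is silently ignored in that case).
 *
 * @param awsAccessKey long-term access key id, may be empty
 * @param awsSecretKey long-term secret access key, may be empty
 * @param roleARN      ARN of a role to assume with the long-term keys, may be empty
 * @return the resolved credentials; the object carries secret material and must not be logged
 * @throws JSShowOnlyErrorMessage if AssumeRole fails or the default chain yields no credentials
 */
public static AWSCredentials getAWSCredentials(String awsAccessKey, String awsSecretKey, String roleARN) {
    AWSCredentials awsCredentials;
    if (isNotEmpty(awsAccessKey) && isNotEmpty(awsSecretKey)) {
        awsCredentials = new BasicAWSCredentials(awsAccessKey.trim(), awsSecretKey.trim());

        // Use the user's long-term credentials to call the AWS Security Token Service (STS)
        // AssumeRole API for the given role ARN.
        if (isNotEmpty(roleARN)) {
            AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(awsCredentials);

            AssumeRoleRequest assumeRequest = new AssumeRoleRequest().withRoleArn(roleARN.trim())
                    .withRoleSessionName("JRSRequest");

            AssumeRoleResult assumeResult = null;
            try {
                assumeResult = stsClient.assumeRole(assumeRequest);
            } catch (Exception ex) {
                // Log with a context message and the throwable so the stack trace is kept,
                // matching the logging style of the default-credentials branch below.
                logger.error("Exception assuming role via AWS STS", ex);
                // NOTE(review): the raw exception message is handed to JSShowOnlyErrorMessage,
                // which by its name looks user-visible; STS error text can include the role ARN
                // and caller identity. Consider a localized generic message - confirm with callers.
                throw new JSShowOnlyErrorMessage(ex.getMessage());
            }

            // AssumeRole returns temporary security credentials for the IAM role; they replace
            // the long-term keys as the method's result.
            awsCredentials = new BasicSessionCredentials(assumeResult.getCredentials().getAccessKeyId(),
                    assumeResult.getCredentials().getSecretAccessKey(),
                    assumeResult.getCredentials().getSessionToken());
        }
    } else {
        // No complete key pair was supplied: fall back to the SDK default provider chain
        // (which includes EC2 instance credentials).
        AWSCredentialsProvider instanceCredentialsProvider = new DefaultAWSCredentialsProviderChain();
        try {
            awsCredentials = instanceCredentialsProvider.getCredentials();
        } catch (Exception ex) {
            ApplicationContext ctx = StaticApplicationContext.getApplicationContext();
            MessageSource message = ctx.getBean("messageSource", MessageSource.class);

            logger.error("Exception loading default JRS instance credentials", ex);
            // Only a localized, generic message reaches the caller; details stay in the log.
            throw new JSShowOnlyErrorMessage(
                    message.getMessage("aws.exception.datasource.load.default.credentials", null,
                            LocaleContextHolder.getLocale()));
        }
    }
    return awsCredentials;
}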

From source file:com.yahoo.athenz.zts.store.CloudStore.java

License:Apache License

/**
 * Assumes an AWS role on behalf of a principal and converts the STS result into
 * {@code AWSTemporaryCredentials}.
 *
 * @param account   AWS account used to build the AssumeRole request
 * @param roleName  role name used to build the AssumeRole request
 * @param principal principal used to build the AssumeRole request
 * @return the temporary credentials, or {@code null} when the STS call or the conversion fails
 * @throws ResourceException with INTERNAL_SERVER_ERROR when AWS support is disabled
 */
public AWSTemporaryCredentials assumeAWSRole(String account, String roleName, String principal) {

    if (!awsEnabled) {
        throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR, "AWS Support not enabled");
    }

    // Built outside the try block: a failure here propagates instead of turning into null.
    AssumeRoleRequest request = getAssumeRoleRequest(account, roleName, principal);

    try {
        Credentials stsCreds = getTokenServiceClient().assumeRole(request).getCredentials();

        // Copy key id, secret, session token and expiry into the service's own type.
        return new AWSTemporaryCredentials()
                .setAccessKeyId(stsCreds.getAccessKeyId())
                .setSecretAccessKey(stsCreds.getSecretAccessKey())
                .setSessionToken(stsCreds.getSessionToken())
                .setExpiration(Timestamp.fromMillis(stsCreds.getExpiration().getTime()));
    } catch (Exception ex) {
        // Only the exception message is logged; the credentials themselves never are.
        LOGGER.error("CloudStore: assumeAWSRole - unable to assume role: " + ex.getMessage());
        return null;
    }
}

From source file:com.yahoo.athenz.zts.store.MockCloudStore.java

License:Apache License

@Override
AWSSecurityTokenServiceClient getTokenServiceClient() {
    // Test double: no real STS call is made, both operations answer with canned results
    // held in the fields assumeRoleResult and callerIdentityResult.
    final AWSSecurityTokenServiceClient stsMock = Mockito.mock(AWSSecurityTokenServiceClient.class);

    Mockito.when(stsMock.getCallerIdentity(Mockito.any(GetCallerIdentityRequest.class)))
            .thenReturn(callerIdentityResult);
    Mockito.when(stsMock.assumeRole(Mockito.any(AssumeRoleRequest.class)))
            .thenReturn(assumeRoleResult);

    return stsMock;
}

From source file:com.yahoo.athenz.zts.ZTSClient.java

License:Apache License

/**
 * Assumes the given role in the given account using a default-configured STS client.
 *
 * @param account  AWS account used to build the AssumeRole request
 * @param roleName role name used to build the AssumeRole request
 * @return the temporary credentials, or {@code null} if anything in the call fails
 */
Credentials assumeAWSRole(String account, String roleName) {

    Credentials assumed = null;
    try {
        AssumeRoleRequest request = getAssumeRoleRequest(account, roleName);
        // No-arg constructor: the caller identity comes from the SDK's default credential lookup.
        AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient();
        assumed = sts.assumeRole(request).getCredentials();
    } catch (Exception ex) {
        // Every failure is reduced to a logged message; callers must handle the null result.
        LOG.error("assumeAWSRole - unable to assume role: {}", ex.getMessage());
    }
    return assumed;
}

From source file:fi.yle.tools.aws.maven.SimpleStorageServiceWagon.java

License:Apache License

/**
 * Calls STS AssumeRole with the supplied credentials and wraps the result as session credentials.
 *
 * <p>The role ARN and session name come from {@code getAssumedRoleARN()} and
 * {@code getAssumedRoleSessionName()}; this method performs the call unconditionally.
 *
 * @param credentials provider chain used to authenticate the AssumeRole call
 * @return session credentials (access key id, secret key, session token) for the assumed role
 */
protected BasicSessionCredentials getAssumedCredentialsIfRequested(
        AuthenticationInfoAWSCredentialsProviderChain credentials) {

    AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient(credentials);

    String roleArn = getAssumedRoleARN();
    String sessionName = getAssumedRoleSessionName();

    AssumeRoleRequest request = new AssumeRoleRequest();
    request.setRoleArn(roleArn);
    request.setRoleSessionName(sessionName);

    AssumeRoleResult response = sts.assumeRole(request);

    // The three values together form the temporary credential; none of them should be logged.
    return new BasicSessionCredentials(
            response.getCredentials().getAccessKeyId(),
            response.getCredentials().getSecretAccessKey(),
            response.getCredentials().getSessionToken());
}

From source file:gobblin.aws.AWSClusterSecurityManager.java

License:Apache License

/**
 * Rebuilds the AWS credentials held by this object from the current login configuration.
 *
 * <p>The service key pair always becomes {@code basicAWSCredentials}. When
 * {@code clientAssumeRole} is set, that key pair is additionally used to assume the configured
 * client role (with its external id) and the result is stored in {@code basicSessionCredentials}.
 * The refresh timestamp is updated at the end.
 *
 * @throws IOException declared by the method signature
 */
private void login() throws IOException {
    // Pick up the latest login settings before building any credentials.
    fetchLoginConfiguration();

    // Long-term credentials of the service account.
    this.basicAWSCredentials = new BasicAWSCredentials(this.serviceAccessKey, this.serviceSecretKey);

    if (this.clientAssumeRole) {
        // Acting for another AWS account: the external id is sent along with the role ARN.
        final AssumeRoleRequest request = new AssumeRoleRequest();
        request.setRoleSessionName(this.clientSessionId);
        request.setExternalId(this.clientExternalId);
        request.setRoleArn(this.clientRoleArn);

        final AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient(
                this.basicAWSCredentials);
        final AssumeRoleResult response = sts.assumeRole(request);

        this.basicSessionCredentials = new BasicSessionCredentials(
                response.getCredentials().getAccessKeyId(),
                response.getCredentials().getSecretAccessKey(),
                response.getCredentials().getSessionToken());
    }

    this.lastRefreshTimeInMillis = System.currentTimeMillis();
}

From source file:org.finra.dm.dao.impl.StsOperationsImpl.java

License:Apache License

/**
 * {@inheritDoc}
 */
@Override
public AssumeRoleResult assumeRole(AWSSecurityTokenServiceClient awsSecurityTokenServiceClient,
        AssumeRoleRequest assumeRoleRequest) {
    // Pure pass-through to the SDK client; the request is forwarded unchanged and the
    // result (which carries the temporary credentials) is returned as-is.
    final AssumeRoleResult result = awsSecurityTokenServiceClient.assumeRole(assumeRoleRequest);
    return result;
}

From source file:org.finra.herd.dao.impl.StsOperationsImpl.java

License:Apache License

/**
 * Delegates the AssumeRole call to the supplied STS client.
 *
 * @param awsSecurityTokenServiceClient client that performs the call
 * @param assumeRoleRequest             request forwarded unchanged
 * @return the SDK result, including the temporary credentials for the assumed role
 */
@Override
public AssumeRoleResult assumeRole(AWSSecurityTokenServiceClient awsSecurityTokenServiceClient,
        AssumeRoleRequest assumeRoleRequest) {
    final AssumeRoleResult stsResult = awsSecurityTokenServiceClient.assumeRole(assumeRoleRequest);
    return stsResult;
}