List of usage examples for com.amazonaws.services.securitytoken AWSSecurityTokenServiceClient AWSSecurityTokenServiceClient
AWSSecurityTokenServiceClient(AwsSyncClientParams clientParams)
From source file:com.yahoo.athenz.zts.store.CloudStore.java
License:Apache License
AWSSecurityTokenServiceClient getTokenServiceClient() {
return new AWSSecurityTokenServiceClient(credentials);
}
From source file:fi.yle.tools.aws.maven.SimpleStorageServiceWagon.java
License:Apache License
protected BasicSessionCredentials getAssumedCredentialsIfRequested( AuthenticationInfoAWSCredentialsProviderChain credentials) { AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(credentials); String ARN = getAssumedRoleARN(); String SESSION = getAssumedRoleSessionName(); AssumeRoleRequest assumeRequest = new AssumeRoleRequest().withRoleArn(ARN).withRoleSessionName(SESSION); AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest); BasicSessionCredentials assumedCredentials = new BasicSessionCredentials( assumeResult.getCredentials().getAccessKeyId(), assumeResult.getCredentials().getSecretAccessKey(), assumeResult.getCredentials().getSessionToken()); return assumedCredentials; }
From source file:gobblin.aws.AWSClusterSecurityManager.java
License:Apache License
private void login() throws IOException { // Refresh login configuration details from config fetchLoginConfiguration();// w w w. j a v a2s .c o m // Primary AWS user login this.basicAWSCredentials = new BasicAWSCredentials(this.serviceAccessKey, this.serviceSecretKey); // If running on behalf of another AWS user, // .. assume role as configured if (this.clientAssumeRole) { AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest().withRoleSessionName(this.clientSessionId) .withExternalId(this.clientExternalId).withRoleArn(this.clientRoleArn); final AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient( this.basicAWSCredentials); final AssumeRoleResult assumeRoleResult = stsClient.assumeRole(assumeRoleRequest); this.basicSessionCredentials = new BasicSessionCredentials( assumeRoleResult.getCredentials().getAccessKeyId(), assumeRoleResult.getCredentials().getSecretAccessKey(), assumeRoleResult.getCredentials().getSessionToken()); } this.lastRefreshTimeInMillis = System.currentTimeMillis(); }
From source file:iit.edu.supadyay.s3.S3upload.java
/** * * @return//from w ww . j a va 2 s. c om */ public static AWSCredentials getCredentials() { AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient( new ProfileCredentialsProvider()); // // Manually start a session. GetSessionTokenRequest getSessionTokenRequest = new GetSessionTokenRequest(); // Following duration can be set only if temporary credentials are requested by an IAM user. getSessionTokenRequest.setDurationSeconds(7200); GetSessionTokenResult sessionTokenResult = stsClient.getSessionToken(getSessionTokenRequest); Credentials sessionCredentials = sessionTokenResult.getCredentials(); // Package the temporary security credentials as // a BasicSessionCredentials object, for an Amazon S3 client object to use. BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials( sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken()); return basicSessionCredentials; }
From source file:jetbrains.buildServer.util.amazon.AWSClients.java
License:Apache License
@NotNull public AWSSecurityTokenServiceClient createSecurityTokenServiceClient() { return myCredentials == null ? new AWSSecurityTokenServiceClient(myClientConfiguration) : new AWSSecurityTokenServiceClient(myCredentials, myClientConfiguration); }
From source file:org.finra.dm.dao.impl.StsDaoImpl.java
License:Apache License
/** * Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) that can be used to access * the specified AWS resource.//from ww w . j av a 2s .co m * * @param sessionName the session name that will be associated with the temporary credentials. The session name must be the same for an initial set of * credentials and an extended set of credentials if credentials are to be refreshed. The session name also is used to identify the user in AWS logs so it * should be something unique and useful to identify the caller/use. * @param awsRoleArn the AWS ARN for the role required to provide access to the specified AWS resource * @param awsRoleDurationSeconds the duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). * @param policy the temporary policy to apply to this request * * @return the assumed session credentials */ @Override public Credentials getTemporarySecurityCredentials(AwsParamsDto awsParamsDto, String sessionName, String awsRoleArn, int awsRoleDurationSeconds, Policy policy) { // Construct a new AWS security token service client using the specified client configuration to access Amazon S3. // A credentials provider chain will be used that searches for credentials in this order: // - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY // - Java System Properties - aws.accessKeyId and aws.secretKey // - Instance Profile Credentials - delivered through the Amazon EC2 metadata service ClientConfiguration clientConfiguration = new ClientConfiguration(); // Only set the proxy hostname and/or port if they're configured. if (StringUtils.isNotBlank(awsParamsDto.getHttpProxyHost())) { clientConfiguration.setProxyHost(awsParamsDto.getHttpProxyHost()); } if (awsParamsDto.getHttpProxyPort() != null) { clientConfiguration.setProxyPort(awsParamsDto.getHttpProxyPort()); } AWSSecurityTokenServiceClient awsSecurityTokenServiceClient = new AWSSecurityTokenServiceClient( clientConfiguration); // Create the request. AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest(); assumeRoleRequest.setRoleSessionName(sessionName); assumeRoleRequest.setRoleArn(awsRoleArn); assumeRoleRequest.setDurationSeconds(awsRoleDurationSeconds); assumeRoleRequest.setPolicy(policy.toJson()); // Get the temporary security credentials. AssumeRoleResult assumeRoleResult = stsOperations.assumeRole(awsSecurityTokenServiceClient, assumeRoleRequest); return assumeRoleResult.getCredentials(); }
From source file:org.finra.herd.dao.impl.StsDaoImpl.java
License:Apache License
/** * Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) that can be used to access * the specified AWS resource.//from ww w.ja v a 2 s. c o m * * @param sessionName the session name that will be associated with the temporary credentials. The session name must be the same for an initial set of * credentials and an extended set of credentials if credentials are to be refreshed. The session name also is used to identify the user in AWS logs so it * should be something unique and useful to identify the caller/use. * @param awsRoleArn the AWS ARN for the role required to provide access to the specified AWS resource * @param awsRoleDurationSeconds the duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). * @param policy the temporary policy to apply to this request * * @return the assumed session credentials */ @Override public Credentials getTemporarySecurityCredentials(AwsParamsDto awsParamsDto, String sessionName, String awsRoleArn, int awsRoleDurationSeconds, Policy policy) { // Construct a new AWS security token service client using the specified client configuration to access Amazon S3. // A credentials provider chain will be used that searches for credentials in this order: // - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY // - Java System Properties - aws.accessKeyId and aws.secretKey // - Instance Profile Credentials - delivered through the Amazon EC2 metadata service ClientConfiguration clientConfiguration = new ClientConfiguration() .withRetryPolicy(retryPolicyFactory.getRetryPolicy()); // Only set the proxy hostname and/or port if they're configured. if (StringUtils.isNotBlank(awsParamsDto.getHttpProxyHost())) { clientConfiguration.setProxyHost(awsParamsDto.getHttpProxyHost()); } if (awsParamsDto.getHttpProxyPort() != null) { clientConfiguration.setProxyPort(awsParamsDto.getHttpProxyPort()); } AWSSecurityTokenServiceClient awsSecurityTokenServiceClient = new AWSSecurityTokenServiceClient( clientConfiguration); // Create the request. AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest(); assumeRoleRequest.setRoleSessionName(sessionName); assumeRoleRequest.setRoleArn(awsRoleArn); assumeRoleRequest.setDurationSeconds(awsRoleDurationSeconds); if (policy != null) { assumeRoleRequest.setPolicy(policy.toJson()); } // Get the temporary security credentials. AssumeRoleResult assumeRoleResult = stsOperations.assumeRole(awsSecurityTokenServiceClient, assumeRoleRequest); return assumeRoleResult.getCredentials(); }
From source file:org.jets3t.service.security.AWSRoleSessionCredentials.java
License:Apache License
private void assumeRoleAndGetCredentials() { int defaultRequestedExpiryTimeInMinutes = jets3tProperties .getIntProperty("aws.session-credentials.expiry-time.to-be-requested", 60); com.amazonaws.auth.AWSCredentials awsCredentials = new BasicAWSCredentials(iamAccessKey, iamSecretKey); AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(awsCredentials); AssumeRoleRequest assumeRequest = new AssumeRoleRequest().withRoleArn(roleToBeAssumed) .withDurationSeconds(defaultRequestedExpiryTimeInMinutes * 60) .withRoleSessionName(DEFAULT_SESSION_NAME); if (externalId != null) { assumeRequest = assumeRequest.withExternalId(externalId); }//www . ja va 2 s .co m AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest); this.accessKey = assumeResult.getCredentials().getAccessKeyId(); this.secretKey = assumeResult.getCredentials().getSecretAccessKey(); this.sessionToken = assumeResult.getCredentials().getSessionToken(); this.expirationDate = assumeResult.getCredentials().getExpiration(); }
From source file:org.zalando.stups.fullstop.plugin.example.ExamplePlugin.java
License:Apache License
private AmazonEC2Client getClientForAccount(final String accountId, final Region region) { AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient( new ProfileCredentialsProvider()); AssumeRoleRequest assumeRequest = new AssumeRoleRequest() .withRoleArn("arn:aws:iam::ACCOUNT_ID:role/fullstop-role").withDurationSeconds(3600) .withRoleSessionName("fullstop-role"); AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest); BasicSessionCredentials temporaryCredentials = new BasicSessionCredentials( assumeResult.getCredentials().getAccessKeyId(), assumeResult.getCredentials().getSecretAccessKey(), assumeResult.getCredentials().getSessionToken()); AmazonEC2Client amazonEC2Client = new AmazonEC2Client(temporaryCredentials); amazonEC2Client.setRegion(region);//from w w w .j a v a2s .c om return amazonEC2Client; }