List of usage examples for com.amazonaws.services.securitytoken.model.AssumeRoleRequest (constructor AssumeRoleRequest())
AssumeRoleRequest
From source file:CodeBuildCredentials.java
License:Open Source License
/**
 * Refreshes {@code roleCredentials} through an STS AssumeRole call.
 *
 * <p>Returns without contacting STS when {@code iamRoleArn} is empty, or when
 * {@code haveCredentialsExpired()} reports that the current credentials are still valid.
 */
@Override
public void refresh() {
    if (iamRoleArn.isEmpty()) {
        return;
    }
    if (!haveCredentialsExpired()) {
        return;
    }

    // Caller identity for the STS request. Judging by the factory method's name this is either
    // the accessKey/secretKey pair or the SDK default chain; confirm in AWSClientFactory.
    AWSCredentialsProvider baseProvider =
            AWSClientFactory.getBasicCredentialsOrDefaultChain(accessKey, secretKey);
    AWSCredentials baseCredentials = baseProvider.getCredentials();

    AssumeRoleRequest request = new AssumeRoleRequest();
    request.setRoleArn(iamRoleArn);
    // The external ID is the value a role's trust policy can require (sts:ExternalId condition)
    // before it accepts a cross-account AssumeRole call.
    request.setExternalId(externalId);
    // Temporary credentials are requested for one hour.
    request.setDurationSeconds(3600);
    // Constant session name: every session opened here shows up under the same name in the
    // assumed-role ARN, so individual jobs cannot be told apart by session name alone.
    request.setRoleSessionName("CodeBuild-Jenkins-Plugin");

    AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(baseCredentials);
    AssumeRoleResult result = stsClient.assumeRole(request);
    roleCredentials = result.getCredentials();
}
From source file:awslabs.lab41.SolutionCode.java
License:Open Source License
/**
 * Assumes an IAM role through the supplied STS client and returns the temporary credentials.
 *
 * @param stsClient       STS client used to submit the request; the call runs under whatever
 *                        identity this client was built with
 * @param roleArn         ARN of the role to assume
 * @param roleSessionName name to give the resulting role session
 * @return the credentials object carried by the AssumeRole result
 */
@Override
public Credentials appMode_AssumeRole(AWSSecurityTokenServiceClient stsClient, String roleArn,
        String roleSessionName) {
    // Both values are passed through as received; no external ID or explicit duration is set,
    // so the service defaults apply.
    AssumeRoleRequest request = new AssumeRoleRequest();
    request.setRoleSessionName(roleSessionName);
    request.setRoleArn(roleArn);

    AssumeRoleResult result = stsClient.assumeRole(request);
    return result.getCredentials();
}
From source file:com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl.java
License:Open Source License
/**
 * Builds the AssumeRole request for the given role.
 *
 * @param iamRoleArn ARN of the role to assume
 * @return a request carrying the role ARN and the fixed session name {@code "Jenkins"}
 */
private static AssumeRoleRequest createAssumeRoleRequest(String iamRoleArn) {
    AssumeRoleRequest request = new AssumeRoleRequest();
    request.setRoleArn(iamRoleArn);
    // The session name is a constant, so all sessions created from this request share it.
    request.setRoleSessionName("Jenkins");
    return request;
}
From source file:com.dtolabs.rundeck.plugin.resources.ec2.EC2ResourceModelSource.java
License:Apache License
/**
 * Prepares the instance-to-node mapper: splits the filter string, loads the mapping, obtains
 * role credentials when needed, and configures the mapper.
 */
private void initialize() {
    final ArrayList<String> filters = new ArrayList<String>();
    if (filterParams != null) {
        // filterParams is a ';'-separated list.
        for (String filter : filterParams.split(";")) {
            filters.add(filter);
        }
    }

    loadMapping();

    // Assume the configured role only when no explicit credentials were provided.
    if (assumeRoleArn != null && this.credentials == null) {
        // No-argument client: the base identity comes from the SDK's default credential lookup
        // and the STS endpoint is left at the SDK default.
        AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient();

        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(assumeRoleArn)
                .withRoleSessionName("RundeckEC2ResourceModelSourceSession");

        Credentials temporary = stsClient.assumeRole(request).getCredentials();
        // Session credentials need all three parts; the session token must accompany the key pair.
        credentials = new BasicSessionCredentials(
                temporary.getAccessKeyId(),
                temporary.getSecretAccessKey(),
                temporary.getSessionToken());
    }

    mapper = new InstanceToNodeMapper(this.credentials, mapping, clientConfiguration);
    mapper.setFilterParams(filters);
    mapper.setEndpoint(endpoint);
    mapper.setRunningStateOnly(runningOnly);
}
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsCredentialUtil.java
License:Open Source License
/**
 * Resolves the AWS credentials to use for a data source.
 *
 * <ul>
 *   <li>Both keys given, no role: the trimmed key pair is returned as basic credentials.</li>
 *   <li>Both keys given and a role ARN: the key pair is used to call STS AssumeRole and the
 *       resulting temporary session credentials are returned.</li>
 *   <li>Otherwise: credentials come from {@code DefaultAWSCredentialsProviderChain}.</li>
 * </ul>
 *
 * @param awsAccessKey long-term access key id, may be empty
 * @param awsSecretKey long-term secret key, may be empty
 * @param roleARN      ARN of the role to assume, may be empty
 * @return the resolved credentials
 * @throws JSShowOnlyErrorMessage if the AssumeRole call or the default chain lookup fails
 */
public static AWSCredentials getAWSCredentials(String awsAccessKey, String awsSecretKey, String roleARN) {
    boolean hasStaticKeys = isNotEmpty(awsAccessKey) && isNotEmpty(awsSecretKey);

    if (!hasStaticKeys) {
        // NOTE(review): this branch also runs when only one of the two keys was supplied, and
        // roleARN is not consulted here, so a requested role is not assumed on this path.
        // Confirm callers expect the default-chain identity in that case.
        AWSCredentialsProvider defaultChain = new DefaultAWSCredentialsProviderChain();
        try {
            return defaultChain.getCredentials();
        } catch (Exception ex) {
            ApplicationContext ctx = StaticApplicationContext.getApplicationContext();
            MessageSource message = ctx.getBean("messageSource", MessageSource.class);
            logger.error("Exception loading default JRS instance credentials", ex);
            // A localized, generic message is raised; the exception detail stays in the log.
            throw new JSShowOnlyErrorMessage(
                    message.getMessage("aws.exception.datasource.load.default.credentials", null,
                            LocaleContextHolder.getLocale()));
        }
    }

    AWSCredentials longTermCredentials = new BasicAWSCredentials(awsAccessKey.trim(), awsSecretKey.trim());
    if (!isNotEmpty(roleARN)) {
        return longTermCredentials;
    }

    // The long-term key pair authenticates the AssumeRole call for the given role ARN.
    AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(longTermCredentials);
    AssumeRoleRequest assumeRequest = new AssumeRoleRequest();
    assumeRequest.setRoleArn(roleARN.trim());
    assumeRequest.setRoleSessionName("JRSRequest");

    AssumeRoleResult assumeResult;
    try {
        assumeResult = stsClient.assumeRole(assumeRequest);
    } catch (Exception ex) {
        logger.error(ex);
        // NOTE(review): the raw exception message is placed in JSShowOnlyErrorMessage, which by
        // its name is presumably displayed to the user. STS access-denied text can name the
        // caller and role ARNs; confirm that is acceptable to expose. The cause is not chained.
        throw new JSShowOnlyErrorMessage(ex.getMessage());
    }

    // AssumeRole returns temporary credentials for the role: key id, secret key, session token.
    return new BasicSessionCredentials(
            assumeResult.getCredentials().getAccessKeyId(),
            assumeResult.getCredentials().getSecretAccessKey(),
            assumeResult.getCredentials().getSessionToken());
}
From source file:com.netflix.eureka.aws.AwsAsgUtil.java
License:Apache License
/**
 * Opens an STS session in another account by assuming the configured "list auto scaling
 * groups" role there.
 *
 * @param asgAccount id of the account that owns the role; it is concatenated into the role ARN
 *                   and the session name as given
 * @return the temporary credentials returned by AssumeRole
 */
private Credentials initializeStsSession(String asgAccount) {
    // The instance profile identity authenticates the AssumeRole call.
    AWSSecurityTokenService stsClient =
            new AWSSecurityTokenServiceClient(new InstanceProfileCredentialsProvider());

    final String awsRegion = clientConfig.getRegion();
    final boolean usesDefaultEndpoint = awsRegion.equals("us-east-1");
    if (!usesDefaultEndpoint) {
        // Regional endpoint host is derived from the configured region string; the
        // "amazonaws.com" suffix is fixed.
        stsClient.setEndpoint("sts." + awsRegion + ".amazonaws.com");
    }

    final String configuredRoleName = serverConfig.getListAutoScalingGroupsRoleName();
    // NOTE(review): asgAccount and the role name are not validated here before being placed in
    // the ARN; confirm callers only pass known account ids.
    final String targetRoleArn = "arn:aws:iam::" + asgAccount + ":role/" + configuredRoleName;

    AssumeRoleRequest request = new AssumeRoleRequest();
    request.setRoleArn(targetRoleArn);
    request.setRoleSessionName("sts-session-" + asgAccount);

    return stsClient.assumeRole(request).getCredentials();
}
From source file:com.netflix.eureka.util.AwsAsgUtil.java
License:Apache License
/**
 * Opens an STS session in another account by assuming the configured "list auto scaling
 * groups" role there.
 *
 * @param asgAccount id of the account that owns the role; it is concatenated into the role ARN
 *                   and the session name as given
 * @return the temporary credentials returned by AssumeRole
 */
private Credentials initializeStsSession(String asgAccount) {
    // The instance profile identity authenticates the AssumeRole call.
    AWSSecurityTokenService stsClient =
            new AWSSecurityTokenServiceClient(new InstanceProfileCredentialsProvider());

    final String awsRegion = DiscoveryManager.getInstance().getEurekaClientConfig().getRegion();
    if (awsRegion.equals("us-east-1")) {
        // Default endpoint is kept for us-east-1.
    } else {
        // Regional endpoint host is derived from the configured region string; the
        // "amazonaws.com" suffix is fixed.
        stsClient.setEndpoint("sts." + awsRegion + ".amazonaws.com");
    }

    final String configuredRoleName = EurekaServerConfigurationManager.getInstance()
            .getConfiguration()
            .getListAutoScalingGroupsRoleName();
    // NOTE(review): asgAccount and the role name are not validated here before being placed in
    // the ARN; confirm callers only pass known account ids.
    final String targetRoleArn = "arn:aws:iam::" + asgAccount + ":role/" + configuredRoleName;

    final AssumeRoleRequest request = new AssumeRoleRequest()
            .withRoleArn(targetRoleArn)
            .withRoleSessionName("sts-session-" + asgAccount);
    final AssumeRoleResult result = stsClient.assumeRole(request);
    return result.getCredentials();
}
From source file:com.netflix.genie.web.util.S3ClientFactory.java
License:Apache License
/**
 * Get an S3 client given the configuration of the system.
 *
 * <p>When role assumption is disabled the shared default client is returned. Otherwise a new
 * STS client and a new S3 client are built on every call, and the S3 client is bound to the
 * temporary credentials of a freshly assumed role session.
 *
 * @return an S3 client
 */
public AmazonS3 getS3Client() {
    if (!this.assumeRole) {
        return this.defaultS3Client;
    }

    // TODO: It's possible this could be optimized to reuse a client that a role has already been assumed for
    //       it would take more logic in this class and likely isn't worth it right now before we decide how
    //       4.x may work best. As it is now create a new client every time one is requested to assume a role
    // See: https://docs.aws.amazon.com/AmazonS3/latest/dev/AuthUsingTempSessionTokenJava.html
    final AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder
            .standard()
            .withCredentials(this.awsCredentialsProvider)
            .withClientConfiguration(this.awsClientConfiguration)
            .withRegion(this.awsRegion)
            .build();
    // NOTE(review): the STS client built above is not shut down in this method; confirm that
    // is intended given a new one is created per call.

    // A random UUID suffix gives every assumed-role session its own name.
    final String sessionName = "Genie-" + UUID.randomUUID().toString();
    final AssumeRoleRequest roleRequest = new AssumeRoleRequest();
    roleRequest.setRoleArn(this.roleArn);
    roleRequest.setRoleSessionName(sessionName);

    final Credentials sessionCredentials = stsClient.assumeRole(roleRequest).getCredentials();

    // The static provider below never refreshes: the returned client stops authenticating once
    // these session credentials expire.
    final AWSStaticCredentialsProvider staticProvider = new AWSStaticCredentialsProvider(
            new BasicSessionCredentials(
                    sessionCredentials.getAccessKeyId(),
                    sessionCredentials.getSecretAccessKey(),
                    sessionCredentials.getSessionToken()));

    return AmazonS3ClientBuilder
            .standard()
            .withCredentials(staticProvider)
            .withClientConfiguration(this.awsClientConfiguration)
            .withRegion(this.awsRegion)
            .build();
}
From source file:com.netflix.ice.common.AwsUtils.java
License:Apache License
/**
 * Get assumed IAM credentials for a role in the given account.
 *
 * @param accountId  id of the account that owns the role; concatenated into the role ARN as given
 * @param assumeRole name of the role to assume; its first 32 characters (at most) are also used
 *                   as the role session name
 * @param externalId external ID to send with the request; omitted when empty
 * @return the temporary credentials returned by AssumeRole
 */
public static Credentials getAssumedCredentials(String accountId, String assumeRole, String externalId) {
    final String roleArn = "arn:aws:iam::" + accountId + ":role/" + assumeRole;
    final int sessionNameLength = Math.min(assumeRole.length(), 32);
    final String sessionName = assumeRole.substring(0, sessionNameLength);

    AssumeRoleRequest request = new AssumeRoleRequest();
    request.setRoleArn(roleArn);
    request.setRoleSessionName(sessionName);

    // The external ID is only attached when one was supplied; a role whose trust policy
    // requires it (sts:ExternalId condition) will reject the call otherwise.
    boolean externalIdMissing = StringUtils.isEmpty(externalId);
    if (!externalIdMissing) {
        request.setExternalId(externalId);
    }

    return securityClient.assumeRole(request).getCredentials();
}
From source file:com.netflix.simianarmy.aws.STSAssumeRoleSessionCredentialsProvider.java
License:Apache License
/**
 * Starts a new session by asking the AWS Security Token Service (STS) to assume the configured
 * role, then stores the short-lived session credentials and their expiration on this provider.
 */
private void startSession() {
    AssumeRoleRequest request = new AssumeRoleRequest();
    request.setRoleArn(roleArn);
    request.setDurationSeconds(DEFAULT_DURATION_SECONDS);
    // Constant session name: all sessions started by this provider share it.
    request.setRoleSessionName("SimianArmy");

    Credentials stsCredentials = securityTokenService.assumeRole(request).getCredentials();

    // Keep the expiration next to the credentials so callers of this class can decide when a
    // new session is needed.
    sessionCredentials = new BasicSessionCredentials(
            stsCredentials.getAccessKeyId(),
            stsCredentials.getSecretAccessKey(),
            stsCredentials.getSessionToken());
    sessionCredentialsExpiration = stsCredentials.getExpiration();
}