Example usage for com.amazonaws.services.securitytoken.model GetCallerIdentityResult getArn

List of usage examples for com.amazonaws.services.securitytoken.model GetCallerIdentityResult getArn

Introduction

On this page you can find example usage for com.amazonaws.services.securitytoken.model GetCallerIdentityResult getArn.

Prototype

public String getArn()

Document

The AWS ARN associated with the calling entity.

Usage

From source file: com.yahoo.athenz.instance.provider.impl.InstanceAWSProvider.java

License: Apache License

public boolean verifyInstanceIdentity(AWSAttestationData info, final String awsAccount) {

    GetCallerIdentityRequest req = new GetCallerIdentityRequest();

    try {
        AWSSecurityTokenServiceClient client = getInstanceClient(info);
        if (client == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get AWS STS client object");
            return false;
        }

        GetCallerIdentityResult res = client.getCallerIdentity(req);
        if (res == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get caller identity");
            return false;
        }

        String arn = "arn:aws:sts::" + awsAccount + ":assumed-role/" + info.getRole() + "/";
        if (!res.getArn().startsWith(arn)) {
            LOGGER.error("verifyInstanceIdentity - ARN mismatch - request: {} caller-identity: {}", arn,
                    res.getArn());
            return false;
        }

        return true;

    } catch (Exception ex) {
        LOGGER.error("CloudStore: verifyInstanceIdentity - unable to get caller identity: {}", ex.getMessage());
        return false;
    }
}
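The check above trusts the ARN that STS returns for the instance's own credentials and compares it against the expected `arn:aws:sts::ACCOUNT:assumed-role/ROLE/` prefix. The added example below (not Athenz code, and needing no AWS SDK) reproduces that comparison in Python with constructed ARNs, shows why the trailing "/" matters against look-alike role names, and adds a stricter variant that parses the whole assumed-role ARN instead of relying on a prefix.

```python
import re
from typing import Optional, Tuple

# Constructed example: an STS assumed-role ARN has the shape
#   arn:aws:sts::<12-digit account>:assumed-role/<role-name>/<session-name>
# A role name cannot contain "/", so the slash after it is a hard delimiter.
ASSUMED_ROLE_RE = re.compile(
    r"^arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[^/]+)/(?P<session>[^/]+)$"
)

# Constructed expected values, standing in for awsAccount and info.getRole()
ACCOUNT, ROLE = "123456789012", "web"

# Constructed caller ARNs a verifier might receive
GOOD_ARN = "arn:aws:sts::123456789012:assumed-role/web/i-0abc123"
LOOKALIKE_ARN = "arn:aws:sts::123456789012:assumed-role/webadmin/i-0def456"
IAM_USER_ARN = "arn:aws:iam::123456789012:user/alice"


def expected_prefix(account: str, role: str, trailing_slash: bool = True) -> str:
    """Build the prefix the Athenz check compares against (optionally without the '/')."""
    prefix = f"arn:aws:sts::{account}:assumed-role/{role}"
    return prefix + "/" if trailing_slash else prefix


def prefix_matches(caller_arn: str, account: str, role: str, trailing_slash: bool = True) -> bool:
    """Mirror of res.getArn().startsWith(arn) from the Java code above."""
    return caller_arn.startswith(expected_prefix(account, role, trailing_slash))


def parse_assumed_role(caller_arn: str) -> Optional[Tuple[str, str, str]]:
    """Return (account, role, session) for a well-formed assumed-role ARN, else None."""
    m = ASSUMED_ROLE_RE.match(caller_arn)
    return None if m is None else (m["account"], m["role"], m["session"])


def verify_caller(caller_arn: str, account: str, role: str) -> bool:
    """Stricter variant: parse the full ARN and compare account and role field by field."""
    parsed = parse_assumed_role(caller_arn)
    return parsed is not None and parsed[0] == account and parsed[1] == role


if __name__ == "__main__":
    for arn in (GOOD_ARN, LOOKALIKE_ARN, IAM_USER_ARN):
        print(f"{arn}\n  prefix(with /)={prefix_matches(arn, ACCOUNT, ROLE)}"
              f"  prefix(no /)={prefix_matches(arn, ACCOUNT, ROLE, trailing_slash=False)}"
              f"  strict={verify_caller(arn, ACCOUNT, ROLE)}")
```

Dropping the trailing slash would accept the `webadmin` session as `web`; the strict parser also rejects any ARN that is not an assumed-role ARN at all, such as an IAM user.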