List of usage examples for com.amazonaws.services.securitytoken.model GetCallerIdentityResult getArn
public String getArn()
The AWS ARN associated with the calling entity.
From source file:com.yahoo.athenz.instance.provider.impl.InstanceAWSProvider.java
License:Apache License
public boolean verifyInstanceIdentity(AWSAttestationData info, final String awsAccount) { GetCallerIdentityRequest req = new GetCallerIdentityRequest(); try {/*from w ww.j a v a 2s .c om*/ AWSSecurityTokenServiceClient client = getInstanceClient(info); if (client == null) { LOGGER.error("verifyInstanceIdentity - unable to get AWS STS client object"); return false; } GetCallerIdentityResult res = client.getCallerIdentity(req); if (res == null) { LOGGER.error("verifyInstanceIdentity - unable to get caller identity"); return false; } String arn = "arn:aws:sts::" + awsAccount + ":assumed-role/" + info.getRole() + "/"; if (!res.getArn().startsWith(arn)) { LOGGER.error("verifyInstanceIdentity - ARN mismatch - request: {} caller-idenity: {}", arn, res.getArn()); return false; } return true; } catch (Exception ex) { LOGGER.error("CloudStore: verifyInstanceIdentity - unable get caller identity: {}", ex.getMessage()); return false; } }