com.amazonaws.auth.InstanceProfileCredentialsProvider Java Examples

The following examples show how to use com.amazonaws.auth.InstanceProfileCredentialsProvider.
Example #1
Source File: AwsSessionCredentialClient.java    From cloudbreak with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the STS client for {@code awsCredential}, picking the credential source from
 * whether both static-key settings are reported as available.
 *
 * @param awsCredential credential view handed to the availability checks and the default-zone lookup
 * @return an STS client bound to the default zone resolved for {@code awsCredential}
 */
private AWSSecurityTokenService awsSecurityTokenServiceClient(AwsCredentialView awsCredential) {
    boolean staticKeysAvailable = awsEnvironmentVariableChecker.isAwsAccessKeyAvailable(awsCredential)
            && awsEnvironmentVariableChecker.isAwsSecretAccessKeyAvailable(awsCredential);

    if (staticKeysAvailable) {
        LOGGER.debug("AWSSecurityTokenServiceClient will use environment variables");
        // NOTE(review): the SDK default chain consults more than environment variables
        // (system properties, profile files, container and instance credentials), so the
        // identity actually used can differ from what this debug line suggests.
        return AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(awsDefaultZoneProvider.getDefaultZone(awsCredential))
                .withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
                .build();
    }

    // At least one key is missing: use the role credentials served by the instance metadata service.
    LOGGER.debug("AWSSecurityTokenServiceClient will use aws metadata because environment variables are undefined");
    return AWSSecurityTokenServiceClientBuilder.standard()
            .withRegion(awsDefaultZoneProvider.getDefaultZone(awsCredential))
            .withCredentials(new InstanceProfileCredentialsProvider())
            .build();
}
 
Example #2
Source File: AirpalModule.java    From airpal with Apache License 2.0 6 votes vote down vote up
/**
 * Provides the S3 client, with client-side encryption when an encryption materials provider
 * is bound and with instance-profile credentials when no explicit credentials are bound.
 *
 * @param awsCredentials explicit credentials, or {@code null} to use the instance profile
 * @param encryptionMaterialsProvider encryption materials, or {@code null} for a plain client
 * @return the configured client; every visible path returns a non-null instance
 */
@Singleton
@Provides
@Nullable
public AmazonS3 provideAmazonS3Client(@Nullable AWSCredentials awsCredentials, @Nullable EncryptionMaterialsProvider encryptionMaterialsProvider)
{
    boolean clientSideEncryption = encryptionMaterialsProvider != null;

    if (awsCredentials != null) {
        // Explicitly bound credentials take precedence over the instance profile.
        return clientSideEncryption
                ? new AmazonS3EncryptionClient(awsCredentials, encryptionMaterialsProvider)
                : new AmazonS3Client(awsCredentials);
    }

    // No static credentials: rely on the role attached to the instance, fetched from instance metadata.
    InstanceProfileCredentialsProvider instanceProfile = new InstanceProfileCredentialsProvider();
    return clientSideEncryption
            ? new AmazonS3EncryptionClient(instanceProfile, encryptionMaterialsProvider)
            : new AmazonS3Client(instanceProfile);
}
 
Example #3
Source File: AwsClient.java    From cloudbreak with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a usable credential source exists before a role is assumed: either both
 * key settings are available, or instance-profile credentials can be obtained.
 *
 * @param awsCredential credential view used to look up the strings quoted in error messages
 * @param awsAccessKeyAvailable whether the access key setting is available
 * @param awsSecretAccessKeyAvailable whether the secret access key setting is available
 * @throws CredentialVerificationException if only one of the two settings is available, or if
 *         neither is and instance-profile credentials cannot be obtained
 */
public void validateEnvironmentForRoleAssuming(AwsCredentialView awsCredential, boolean awsAccessKeyAvailable, boolean awsSecretAccessKeyAvailable) {
    // NOTE(review): both strings are interpolated into exception and log text below; presumably
    // they are setting names rather than key values. Confirm against the checker.
    String accessKeyLabel = awsEnvironmentVariableChecker.getAwsAccessKeyString(awsCredential);
    String secretKeyLabel = awsEnvironmentVariableChecker.getAwsSecretAccessKey(awsCredential);

    if (awsAccessKeyAvailable && !awsSecretAccessKeyAvailable) {
        throw new CredentialVerificationException(String.format("If '%s' available then '%s' must be set!", accessKeyLabel, secretKeyLabel));
    }
    if (awsSecretAccessKeyAvailable && !awsAccessKeyAvailable) {
        throw new CredentialVerificationException(String.format("If '%s' available then '%s' must be set!", secretKeyLabel, accessKeyLabel));
    }
    if (awsAccessKeyAvailable) {
        // Both settings are present; nothing further to check.
        return;
    }

    // Neither setting is present: probe the instance profile and close the provider afterwards.
    try {
        try (InstanceProfileCredentialsProvider provider = getInstanceProfileProvider()) {
            provider.getCredentials();
        } catch (IOException e) {
            LOGGER.error("Unable to create AWS provider", e);
            throw new CredentialVerificationException("Unable to create AWS provider");
        }
    } catch (AmazonClientException ignored) {
        // The SDK failure is replaced by a message naming the two ways to supply credentials.
        String message = String.format("The '%s' and '%s' environment variables must be set ", accessKeyLabel, secretKeyLabel)
                + "or an instance profile role should be available.";
        LOGGER.info(message);
        throw new CredentialVerificationException(message);
    }
}
 
Example #4
Source File: AWSObjectStoreFactory.java    From athenz with Apache License 2.0 6 votes vote down vote up
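/**
 * Generates an RDS IAM authentication token for the given database endpoint and user, signed
 * with the instance-profile credentials of the host this code runs on.
 *
 * @param hostname database endpoint host
 * @param port database endpoint port
 * @param rdsUser database user the token is issued for
 * @param rdsIamRole role name, used only in the debug log line
 * @return the generated authentication token
 */
String getAuthToken(String hostname, int port, String rdsUser, String rdsIamRole) {

    String authToken = null;

    // A provider created with async refresh owns a background refresh thread; it is closed
    // once the token has been generated so repeated calls do not accumulate threads.
    try (InstanceProfileCredentialsProvider awsCredProvider = new InstanceProfileCredentialsProvider(true)) {

        if (LOG.isDebugEnabled()) {
            // Only the access key id is logged, never the secret key or session token.
            LOG.debug("getAuthToken: Access key id: {}", awsCredProvider.getCredentials().getAWSAccessKeyId());
        }

        // Resolve the region once and reuse it for the generator and the debug line.
        final String region = EC2MetadataUtils.getEC2InstanceRegion();

        RdsIamAuthTokenGenerator generator = RdsIamAuthTokenGenerator.builder()
                .credentials(awsCredProvider)
                .region(region)
                .build();

        if (LOG.isDebugEnabled()) {
            LOG.debug("Instance {} Port {} User {} Region: {} Role: {}", hostname, port, rdsUser,
                    region, rdsIamRole);
        }

        authToken = generator.getAuthToken(GetIamAuthTokenRequest.builder()
                .hostname(hostname).port(port).userName(rdsUser)
                .build());
    } catch (java.io.IOException ex) {
        // Raised only while closing the provider; a token generated before that is still returned.
        LOG.warn("getAuthToken: unable to close instance profile credentials provider", ex);
    }

    return authToken;
}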
 
Example #5
Source File: STSCredentialProviderV1.java    From dremio-oss with Apache License 2.0 6 votes vote down vote up
/**
 * Creates an assume-role credentials provider whose STS client authenticates with the base
 * provider selected by {@code Constants.ASSUMED_ROLE_CREDENTIALS_PROVIDER}.
 *
 * @param uri passed to the access-key based provider
 * @param conf configuration supplying the provider choice, region, STS endpoint and role ARN
 * @throws IOException declared by the constructor; presumably raised by the helpers called here
 */
public STSCredentialProviderV1(URI uri, Configuration conf) throws IOException {

  //TODO: Leverage S3AUtils createAwsCredentialProvider

  final String baseProviderName = conf.get(Constants.ASSUMED_ROLE_CREDENTIALS_PROVIDER);

  final AWSCredentialsProvider baseCredentials;
  if (S3StoragePlugin.ACCESS_KEY_PROVIDER.equals(baseProviderName)) {
    baseCredentials = new SimpleAWSCredentialsProvider(uri, conf);
  } else if (S3StoragePlugin.EC2_METADATA_PROVIDER.equals(baseProviderName)) {
    baseCredentials = InstanceProfileCredentialsProvider.getInstance();
  } else {
    // NOTE(review): any other value leaves the base provider null, so the STS client builder
    // falls back to whatever credentials it resolves by default. Confirm that is intended
    // rather than rejecting the configuration.
    baseCredentials = null;
  }

  final String region = S3FileSystem.getAWSRegionFromConfigurationOrDefault(conf).toString();
  final AWSSecurityTokenServiceClientBuilder stsBuilder = AWSSecurityTokenServiceClientBuilder.standard()
    .withCredentials(baseCredentials)
    .withClientConfiguration(S3AUtils.createAwsConf(conf, ""))
    .withRegion(region);

  // An explicitly configured STS endpoint overrides the region-derived one.
  S3FileSystem.getStsEndpoint(conf).ifPresent(endpoint ->
    stsBuilder.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(endpoint, region)));

  // A random UUID serves as the role session name.
  final String roleArn = conf.get(Constants.ASSUMED_ROLE_ARN);
  final String sessionName = UUID.randomUUID().toString();
  this.stsAssumeRoleSessionCredentialsProvider =
    new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, sessionName)
      .withStsClient(stsBuilder.build())
      .build();
}
 
Example #6
Source File: TagTest.java    From herd-mdl with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that every tag on the herd stack is present, with the same value, on each of the
 * two SQS queues whose names start with the instance name.
 */
@Test
public void testSqsTagsAreSameAsHerdEC2Stack() throws Exception {
    String sqsNamePrefix = INSTANCE_NAME;
    String herdStackNamePrefix = APP_STACK_NAME + "-MdlStack-";

    // Tags of the stack are the reference the queue tags are compared against.
    CloudFormationClient cloudFormationClient = new CloudFormationClient(APP_STACK_NAME);
    List<Tag> stackTags = cloudFormationClient.getStackByNamePrefix(herdStackNamePrefix).getTags();

    System.out.println("Listing all queues with prefix: " + sqsNamePrefix);
    // NOTE(review): the provider is created with async refresh and is never closed; acceptable
    // for a short-lived test run, but it keeps a refresh thread alive until the JVM exits.
    AmazonSQS sqs = AmazonSQSClientBuilder.standard()
        .withRegion(Regions.getCurrentRegion().getName())
        .withCredentials(new InstanceProfileCredentialsProvider(true))
        .build();

    List<String> queueUrls = sqs.listQueues(sqsNamePrefix).getQueueUrls();
    assertEquals(2, queueUrls.size(), "2 queues are expected");

    for (String queueUrl : queueUrls) {
        System.out.println("QueueUrl: " + queueUrl);
        Map<String, String> sqsTags = sqs.listQueueTags(queueUrl).getTags();

        LogVerification("Verify sqs tags are the same as herd stack");
        for (Tag stackTag : stackTags) {
            String key = stackTag.getKey();
            assertTrue(sqsTags.containsKey(key));
            assertEquals(stackTag.getValue(), sqsTags.get(key));
        }
    }
}
 
Example #7
Source File: SsmUtil.java    From herd-mdl with Apache License 2.0 6 votes vote down vote up
/**
 * Reads one SSM parameter using the instance-profile credentials of the current host.
 *
 * @param parameterKey name of the parameter to read
 * @param isEncrypted passed as the request's decryption flag
 * @return the parameter returned by SSM; when decryption is requested the value is returned
 *         in clear text, so callers should keep it out of logs
 */
private static Parameter getParameter(String parameterKey, boolean isEncrypted) {
    LOGGER.info("get ssm parameter key:" + parameterKey);

    AWSSimpleSystemsManagement ssm = AWSSimpleSystemsManagementClientBuilder.standard()
        .withCredentials(InstanceProfileCredentialsProvider.getInstance())
        .withRegion(Regions.getCurrentRegion().getName())
        .build();

    GetParameterRequest request = new GetParameterRequest()
        .withName(parameterKey)
        .withWithDecryption(isEncrypted);

    return ssm.getParameter(request).getParameter();
}
 
Example #8
Source File: SsmUtil.java    From herd-mdl with Apache License 2.0 5 votes vote down vote up
/**
 * Deletes a parameter from AWS SSM using the instance-profile credentials of the current host.
 *
 * @param parameterKey name of the SSM parameter to delete
 */
public static void deleteParameter(String parameterKey) {
    LOGGER.info(String.format("delete ssm parameter key %s", parameterKey));

    // Region and credentials both come from the instance this code runs on.
    AWSSimpleSystemsManagement ssm = AWSSimpleSystemsManagementClientBuilder.standard()
        .withCredentials(InstanceProfileCredentialsProvider.getInstance())
        .withRegion(Regions.getCurrentRegion().getName())
        .build();

    ssm.deleteParameter(new DeleteParameterRequest().withName(parameterKey));
}
 
Example #9
Source File: TagTest.java    From herd-mdl with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the tags of one load balancer, looked up by the ARN from {@code getAnyElbArn()}.
 *
 * @return tags of the first tag description in the response
 */
private List<com.amazonaws.services.elasticloadbalancingv2.model.Tag> getElbTags() {
    String elbArn = getAnyElbArn();

    // NOTE(review): a new client and an async-refreshing provider are created on every call
    // and neither is closed; fine for a short test run, wasteful if called repeatedly.
    AmazonElasticLoadBalancing elbClient = AmazonElasticLoadBalancingClientBuilder.standard()
        .withRegion(Regions.getCurrentRegion().getName())
        .withCredentials(new InstanceProfileCredentialsProvider(true))
        .build();

    DescribeTagsRequest tagsRequest = new DescribeTagsRequest().withResourceArns(elbArn);
    // Only one ARN was requested, so the first description is the one for that load balancer.
    return elbClient.describeTags(tagsRequest)
        .getTagDescriptions()
        .get(0)
        .getTags();
}
 
Example #10
Source File: ElasticsearchAuthentication.java    From dremio-oss with Apache License 2.0 5 votes vote down vote up
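/**
 * Captures the authentication settings for an Elasticsearch connection. Only the fields that
 * belong to the chosen authentication type are populated; the others are set to {@code null}.
 *
 * @param hosts configured hosts; the first host name is used when resolving the region
 * @param authenticationType which of the supported authentication modes to use
 * @param username account name, used for {@code ES_ACCOUNT}
 * @param password account password, used for {@code ES_ACCOUNT}
 * @param accessKey AWS access key, required for {@code ACCESS_KEY}
 * @param accessSecret AWS access secret, required for {@code ACCESS_KEY}
 * @param regionName region passed to the region lookup for the AWS-based modes
 */
public ElasticsearchAuthentication(List<Host> hosts, ElasticsearchConf.AuthenticationType authenticationType,
                                   String username, String password, String accessKey, String accessSecret,
                                   String regionName) {
  this.authenticationType = authenticationType;
  switch (authenticationType) {
    case ES_ACCOUNT:
      this.username = username;
      this.password = password;
      this.awsCredentialsProvider = null;
      this.regionName = null;
      break;
    case ACCESS_KEY:
      this.username = null;
      this.password = null;
      // A missing (null) key or secret is rejected the same way as an empty one, so the
      // connection fails here with a clear message instead of later during request signing.
      if (accessKey == null || accessKey.isEmpty() || accessSecret == null || accessSecret.isEmpty()) {
        throw UserException.validationError()
          .message("Failure creating Amazon Elasticsearch Service connection. You must provide AWS Access Key and AWS Access Secret.")
          .build(logger);
      }
      this.awsCredentialsProvider = new BasicAWSCredentialsProvider(accessKey, accessSecret);
      this.regionName = getRegionName(regionName, hosts.get(0).hostname);
      break;
    case EC2_METADATA:
      // Credentials come from the role attached to the instance; no secret is stored here.
      this.username = null;
      this.password = null;
      this.awsCredentialsProvider = new InstanceProfileCredentialsProvider();
      this.regionName = getRegionName(regionName, hosts.get(0).hostname);
      break;
    case NONE:
      this.username = null;
      this.password = null;
      this.awsCredentialsProvider = null;
      this.regionName = null;
      break;
    default:
      throw new RuntimeException("Failure creating Elasticsearch connection. Invalid credential type.");
  }
}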
 
Example #11
Source File: SsmUtil.java    From herd-mdl with Apache License 2.0 5 votes vote down vote up
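/**
 * Writes a parameter of type {@code String} to AWS SSM, overwriting any existing value, using
 * the instance-profile credentials of the current host.
 *
 * @param parameterKey ssm parameter key
 * @param parameterValue ssm parameter value
 */
public static void putParameter(String parameterKey, String parameterValue) {
    // Only the key is logged: parameter values may be credentials or other sensitive settings
    // and must not end up in application logs.
    LOGGER.info(String.format("put ssm parameter key %s", parameterKey));
    AWSCredentialsProvider credentials = InstanceProfileCredentialsProvider.getInstance();
    AWSSimpleSystemsManagement simpleSystemsManagementClient =
        AWSSimpleSystemsManagementClientBuilder.standard().withCredentials(credentials)
            .withRegion(Regions.getCurrentRegion().getName()).build();
    // NOTE(review): the parameter is stored with type "String", i.e. unencrypted in SSM;
    // confirm no caller passes secrets through this method.
    PutParameterRequest parameterRequest = new PutParameterRequest()
        .withName(parameterKey)
        .withValue(parameterValue)
        .withOverwrite(true)
        .withType("String");

    simpleSystemsManagementClient.putParameter(parameterRequest);
}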
 
Example #12
Source File: AuthenticationInfoAWSCredentialsProviderChain.java    From lambadaframework with MIT License 5 votes vote down vote up
/**
 * Builds a credentials chain that tries, in order: instance profile, profile file, environment
 * variables, system properties, and the instance profile once more.
 *
 * @param authenticationInfo not used by this constructor
 */
AuthenticationInfoAWSCredentialsProviderChain(AuthenticationInfo authenticationInfo) {
    // NOTE(review): the instance profile is listed first and again last. Being first, the role
    // attached to the host wins over explicitly configured credentials; the trailing entry
    // only repeats the same lookup. Confirm both are intended.
    super(
            new InstanceProfileCredentialsProvider(),
            new ProfileCredentialsProvider(),
            new EnvironmentVariableCredentialsProvider(),
            new SystemPropertiesCredentialsProvider(),
            new InstanceProfileCredentialsProvider()
    );
}
 
Example #13
Source File: CloudFormationClient.java    From herd-mdl with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a client for the named stack, backed by a CloudFormation client that uses the
 * current region and the instance-profile credentials of the host.
 *
 * @param stackSetName name stored as this client's stack name
 */
public CloudFormationClient(String stackSetName) throws Exception {

    this.stackName = stackSetName;
    propertyValues = TestProperties.getProperties();

    // The provider refreshes credentials on a background thread for the lifetime of this object.
    AmazonCloudFormationClientBuilder clientBuilder = AmazonCloudFormationClientBuilder.standard();
    clientBuilder.withRegion(Regions.getCurrentRegion().getName());
    clientBuilder.withCredentials(new InstanceProfileCredentialsProvider(true));
    amazonCloudFormation = clientBuilder.build();
}
 
Example #14
Source File: AWSCertRecordStoreFactory.java    From athenz with Apache License 2.0 5 votes vote down vote up
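/**
 * Generates an RDS IAM authentication token for the given database endpoint and user, using
 * instance-profile credentials and the token generator from {@code getTokenGenerator}.
 *
 * @param hostname database endpoint host
 * @param port database endpoint port
 * @param rdsUser database user the token is issued for
 * @param rdsIamRole role name, used only in the debug log line
 * @return the generated authentication token
 */
String getAuthToken(String hostname, int port, String rdsUser, String rdsIamRole) {

    String authToken = null;

    // A provider created with async refresh owns a background refresh thread; it is closed
    // once the token has been generated so repeated calls do not accumulate threads.
    try (InstanceProfileCredentialsProvider awsCredProvider = new InstanceProfileCredentialsProvider(true)) {
        RdsIamAuthTokenGenerator generator = getTokenGenerator(awsCredProvider);

        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Instance {} Port {} User {} Region: {} Role: {}", hostname, port, rdsUser,
                    getInstanceRegion(), rdsIamRole);
        }

        authToken = generator.getAuthToken(GetIamAuthTokenRequest.builder()
                .hostname(hostname).port(port).userName(rdsUser)
                .build());
    } catch (java.io.IOException ex) {
        // Raised only while closing the provider; a token generated before that is still returned.
        LOGGER.warn("getAuthToken: unable to close instance profile credentials provider", ex);
    }

    return authToken;
}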
 
Example #15
Source File: SsmUtil.java    From herd-mdl with Apache License 2.0 5 votes vote down vote up
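/**
 * Gets all parameters under a path prefix, recursively, following result pagination so that
 * parameters beyond the first page of the response are included.
 *
 * @param prefix parameter path prefix
 * @return list of parameters found under the prefix; empty when there are none
 */
public static List<Parameter> getParametersWithPrefix(String prefix){
    AWSCredentialsProvider credentials = InstanceProfileCredentialsProvider.getInstance();
    AWSSimpleSystemsManagement simpleSystemsManagementClient =
        AWSSimpleSystemsManagementClientBuilder.standard().withCredentials(credentials)
            .withRegion(Regions.getCurrentRegion().getName()).build();

    GetParametersByPathRequest getParametersByPathRequest = new GetParametersByPathRequest()
        .withPath(prefix)
        .withRecursive(true);

    // The service returns results in pages; keep requesting until no continuation token is returned.
    List<Parameter> parameters = new java.util.ArrayList<>();
    String nextToken = null;
    do {
        GetParametersByPathResult page =
            simpleSystemsManagementClient.getParametersByPath(getParametersByPathRequest.withNextToken(nextToken));
        parameters.addAll(page.getParameters());
        nextToken = page.getNextToken();
    } while (nextToken != null && !nextToken.isEmpty());

    return parameters;
}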
 
Example #16
Source File: S3ArtifactStore.java    From gocd-s3-artifacts with Apache License 2.0 5 votes vote down vote up
/**
 * Builds an S3 client from the GoCD environment: optional region, then either the instance
 * role or a static access key pair.
 *
 * @param env environment supplying the region, the IAM-role switch and the key pair
 * @return the configured S3 client
 */
public static AmazonS3 getS3client(GoEnvironment env) {
    AmazonS3ClientBuilder s3Builder = AmazonS3ClientBuilder.standard();

    if (env.has(AWS_REGION)) {
        s3Builder.withRegion(env.get(AWS_REGION));
    }

    if (env.hasAWSUseIamRole()) {
        // The IAM-role switch takes precedence over any key pair present in the environment.
        s3Builder.withCredentials(new InstanceProfileCredentialsProvider(false));
    } else if (env.has(AWS_ACCESS_KEY_ID) && env.has(AWS_SECRET_ACCESS_KEY)) {
        s3Builder.withCredentials(new AWSStaticCredentialsProvider(
                new BasicAWSCredentials(env.get(AWS_ACCESS_KEY_ID), env.get(AWS_SECRET_ACCESS_KEY))));
    }
    // When neither applies, no provider is set and the builder resolves credentials on its own.

    return s3Builder.build();
}
 
Example #17
Source File: S3ArtifactStore.java    From gocd-s3-artifacts with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the S3 client described by the GoCD environment.
 *
 * @param env environment providing the optional region, the IAM-role switch and static keys
 * @return an S3 client using the instance role, the static key pair, or the builder's own
 *         credential resolution when neither is configured
 */
public static AmazonS3 getS3client(GoEnvironment env) {
    AmazonS3ClientBuilder clientBuilder = AmazonS3ClientBuilder.standard();

    if (env.has(AWS_REGION)) {
        clientBuilder.withRegion(env.get(AWS_REGION));
    }

    if (env.hasAWSUseIamRole()) {
        // Role credentials from instance metadata; 'false' selects synchronous refresh.
        InstanceProfileCredentialsProvider roleCredentials = new InstanceProfileCredentialsProvider(false);
        clientBuilder.withCredentials(roleCredentials);
    } else if (env.has(AWS_ACCESS_KEY_ID) && env.has(AWS_SECRET_ACCESS_KEY)) {
        // Long-lived key pair taken from the environment.
        BasicAWSCredentials staticKeys =
                new BasicAWSCredentials(env.get(AWS_ACCESS_KEY_ID), env.get(AWS_SECRET_ACCESS_KEY));
        clientBuilder.withCredentials(new AWSStaticCredentialsProvider(staticKeys));
    }

    return clientBuilder.build();
}
 
Example #18
Source File: AWSClusterSecurityManager.java    From incubator-gobblin with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a credentials chain that tries, in order: environment variables, system properties,
 * the supplied configuration, the profile file, and finally the instance profile.
 *
 * @param config configuration handed to the configuration-based provider
 */
DefaultAWSCredentialsProviderChain(Config config) {
  // Explicitly supplied credentials are tried before the role attached to the instance.
  super(
      new EnvironmentVariableCredentialsProvider(),
      new SystemPropertiesCredentialsProvider(),
      new ConfigurationCredentialsProvider(config),
      new ProfileCredentialsProvider(),
      new InstanceProfileCredentialsProvider()
  );
}
 
Example #19
Source File: AwsClient.java    From cloudbreak with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a new instance-profile credentials provider on every call.
 *
 * @return a fresh provider; it is closeable, so callers that only need it briefly should
 *         close it when done
 */
public InstanceProfileCredentialsProvider getInstanceProfileProvider() {
    InstanceProfileCredentialsProvider instanceProfileProvider = new InstanceProfileCredentialsProvider();
    return instanceProfileProvider;
}
 
Example #20
Source File: AWSCertRecordStoreFactory.java    From athenz with Apache License 2.0 4 votes vote down vote up
/**
 * Builds the RDS IAM token generator for the region returned by {@code getInstanceRegion()}.
 *
 * @param awsCredProvider credentials the generator signs tokens with
 * @return a token generator bound to those credentials and that region
 */
RdsIamAuthTokenGenerator getTokenGenerator(InstanceProfileCredentialsProvider awsCredProvider) {
    RdsIamAuthTokenGenerator tokenGenerator = RdsIamAuthTokenGenerator.builder()
            .credentials(awsCredProvider)
            .region(getInstanceRegion())
            .build();
    return tokenGenerator;
}
 
Example #21
Source File: IAMCredential.java    From Raigad with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a credential holder backed by the role attached to the instance; credentials are
 * obtained through an instance-profile provider rather than stored keys.
 */
public IAMCredential()
{
    InstanceProfileCredentialsProvider instanceProfileProvider = new InstanceProfileCredentialsProvider();
    this.iamCredProvider = instanceProfileProvider;
}
 
Example #22
Source File: CustomCredentialsProviderChain.java    From kinesis-log4j-appender with Apache License 2.0 4 votes vote down vote up
/**
 * Builds a credentials chain that tries, in order: a properties file on the classpath, the
 * instance profile, system properties, and environment variables.
 */
public CustomCredentialsProviderChain() {
  // NOTE(review): the classpath properties file is consulted first, so long-lived keys packaged
  // with the application would take precedence over the instance role. Confirm this order.
  super(
      new ClasspathPropertiesFileCredentialsProvider(),
      new InstanceProfileCredentialsProvider(),
      new SystemPropertiesCredentialsProvider(),
      new EnvironmentVariableCredentialsProvider()
  );
}
 
Example #23
Source File: CustomCredentialsProviderChain.java    From aws-big-data-blog with Apache License 2.0 4 votes vote down vote up
/**
 * Builds a credentials chain that tries, in order: environment variables, system properties,
 * a properties file on the classpath, and finally the instance profile.
 */
public CustomCredentialsProviderChain() {
    // Explicitly supplied credentials are tried first; the instance role is the last resort.
    super(
            new EnvironmentVariableCredentialsProvider(),
            new SystemPropertiesCredentialsProvider(),
            new ClasspathPropertiesFileCredentialsProvider(),
            new InstanceProfileCredentialsProvider()
    );
}
 
Example #24
Source File: AWSCertRecordStoreFactoryTest.java    From athenz with Apache License 2.0 4 votes vote down vote up
/**
 * Test override: ignores the supplied credentials provider and returns the mocked generator,
 * stubbed to answer every token request with the fixed string {@code "token"}.
 */
@Override
RdsIamAuthTokenGenerator getTokenGenerator(InstanceProfileCredentialsProvider awsCredProvider) {
    // Stub first, then hand the mock back so no real signing takes place in the test.
    Mockito.when(generator.getAuthToken(ArgumentMatchers.any()))
            .thenReturn("token");

    return generator;
}
 
Example #25
Source File: SnsConfiguration.java    From circus-train with Apache License 2.0 4 votes vote down vote up
/**
 * Exposes a credentials chain that tries the configuration-backed {@code BasicAuth} provider
 * first and falls back to the shared instance-profile provider.
 *
 * @param conf replica Hive configuration handed to {@code BasicAuth}
 * @return the two-element credentials provider chain
 */
@Bean
AWSCredentialsProvider awsCredentialsProvider(
    @Qualifier("replicaHiveConf") org.apache.hadoop.conf.Configuration conf) {
  BasicAuth configuredCredentials = new BasicAuth(conf);
  InstanceProfileCredentialsProvider instanceRoleCredentials = InstanceProfileCredentialsProvider.getInstance();
  return new AWSCredentialsProviderChain(configuredCredentials, instanceRoleCredentials);
}
 
Example #26
Source File: CloudFormationClient.java    From herd-mdl with Apache License 2.0 4 votes vote down vote up
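/**
 * Deletes the stack {@link #stackName}: collects the S3 buckets owned by the stack and its
 * nested stacks, empties them, starts the stack deletion and waits for it to finish.
 *
 * @throws Exception if the stack does not end in {@code DELETE_COMPLETE}
 */
public void deleteStack() throws Exception {

    CFTStackInfo cftStackInfo = getStackInfo();
    String rootStackId = cftStackInfo.stackId(); // Use the stack id to track the delete operation
    LOGGER.info("rootStackId   =   " + rootStackId);

    // Go through the stack and pick up resources that we want
    // to finalize before deleting the stack.
    List<String> s3BucketIds = new ArrayList<>();

    DescribeStacksResult describeStacksResult = amazonCloudFormation.describeStacks();
    for (Stack currentStack : describeStacksResult.getStacks()) {
        boolean belongsToRootStack = rootStackId.equals(currentStack.getRootId())
                || rootStackId.equals(currentStack.getStackId());
        if (!belongsToRootStack) {
            continue;
        }

        LOGGER.info("stackId   =   " + currentStack.getStackId());
        DescribeStackResourcesRequest describeStackResourcesRequest = new DescribeStackResourcesRequest();
        describeStackResourcesRequest.setStackName(currentStack.getStackName());
        List<StackResource> stackResources = amazonCloudFormation
                .describeStackResources(describeStackResourcesRequest).getStackResources();
        for (StackResource stackResource : stackResources) {
            boolean alreadyDeleted = ResourceStatus.DELETE_COMPLETE.toString()
                    .equals(stackResource.getResourceStatus());
            if (!alreadyDeleted && "AWS::S3::Bucket".equals(stackResource.getResourceType())) {
                s3BucketIds.add(stackResource.getPhysicalResourceId());
            }
        }
    }

    // Now empty S3 buckets, clean up will be done when the stack is deleted
    AmazonS3 amazonS3 = AmazonS3ClientBuilder.standard().withRegion(Regions.getCurrentRegion().getName())
            .withCredentials(new InstanceProfileCredentialsProvider(true)).build();
    for (String s3BucketName : s3BucketIds) {
        if (!amazonS3.doesBucketExistV2(s3BucketName)) {
            // A bucket that is already gone must not stop the remaining buckets from being
            // emptied, otherwise the stack deletion fails on the non-empty ones.
            continue;
        }
        LOGGER.info("Empyting S3 bucket, " + s3BucketName);
        // NOTE(review): only current objects are deleted here; if a bucket has versioning
        // enabled, older versions would remain. Confirm the stack's buckets are unversioned.
        ObjectListing objectListing = amazonS3.listObjects(s3BucketName);
        while (true) {
            for (S3ObjectSummary summary : objectListing.getObjectSummaries()) {
                amazonS3.deleteObject(s3BucketName, summary.getKey());
            }
            if (!objectListing.isTruncated()) {
                break;
            }
            objectListing = amazonS3.listNextBatchOfObjects(objectListing);
        }
    }

    //Proceed with the regular stack deletion operation
    DeleteStackRequest deleteRequest = new DeleteStackRequest();
    deleteRequest.setStackName(stackName);
    amazonCloudFormation.deleteStack(deleteRequest);
    LOGGER.info("Stack deletion initiated");

    CFTStackStatus cftStackStatus = waitForCompletionAndGetStackStatus(amazonCloudFormation,
            rootStackId);
    LOGGER.info(
            "Stack deletion completed, the stack " + stackName + " completed with " + cftStackStatus);

    // Throw exception if failed
    if (!cftStackStatus.getStackStatus().equals(StackStatus.DELETE_COMPLETE.toString())) {
        throw new Exception(
                "deleteStack operation failed for stack " + stackName + " - " + cftStackStatus);
    }
}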