com.amazonaws.auth.InstanceProfileCredentialsProvider Java Examples
The following examples show how to use
com.amazonaws.auth.InstanceProfileCredentialsProvider.
Example #1
Source File: AwsSessionCredentialClient.java From cloudbreak with Apache License 2.0 | 6 votes |
/**
 * Builds an STS client and decides where that client's own credentials come from.
 *
 * When both keys are reported as available by {@code awsEnvironmentVariableChecker}, the
 * client uses {@code DefaultAWSCredentialsProviderChain}; otherwise it is pinned to the
 * EC2 instance profile.
 *
 * @param awsCredential credential view used for the availability checks and the region lookup
 * @return a newly built STS client
 */
private AWSSecurityTokenService awsSecurityTokenServiceClient(AwsCredentialView awsCredential) {
    // Same short-circuit as the original "!a || !b": the secret-key check runs only when
    // the access-key check succeeded.
    boolean staticKeysPresent = awsEnvironmentVariableChecker.isAwsAccessKeyAvailable(awsCredential)
            && awsEnvironmentVariableChecker.isAwsSecretAccessKeyAvailable(awsCredential);

    if (staticKeysPresent) {
        LOGGER.debug("AWSSecurityTokenServiceClient will use environment variables");
        // NOTE(review): the default chain consults more sources than environment variables,
        // so this message describes the expected source, not a guaranteed one.
        return AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(awsDefaultZoneProvider.getDefaultZone(awsCredential))
                .withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
                .build();
    }

    LOGGER.debug("AWSSecurityTokenServiceClient will use aws metadata because environment variables are undefined");
    return AWSSecurityTokenServiceClientBuilder.standard()
            .withRegion(awsDefaultZoneProvider.getDefaultZone(awsCredential))
            .withCredentials(new InstanceProfileCredentialsProvider())
            .build();
}
Example #2
Source File: AirpalModule.java From airpal with Apache License 2.0 | 6 votes |
/**
 * Provides the S3 client, optionally with client-side encryption.
 *
 * Explicit credentials are used when supplied; otherwise the client reads credentials from
 * the EC2 instance profile. An encryption client is returned whenever encryption materials
 * are supplied.
 *
 * @param awsCredentials explicit credentials, or {@code null} to use the instance profile
 * @param encryptionMaterialsProvider encryption materials, or {@code null} for a plain client
 * @return the configured client (every visible path returns a non-null instance)
 */
@Singleton
@Provides
@Nullable
public AmazonS3 provideAmazonS3Client(@Nullable AWSCredentials awsCredentials,
        @Nullable EncryptionMaterialsProvider encryptionMaterialsProvider) {
    final boolean clientSideEncryption = encryptionMaterialsProvider != null;

    if (awsCredentials != null) {
        if (clientSideEncryption) {
            return new AmazonS3EncryptionClient(awsCredentials, encryptionMaterialsProvider);
        }
        return new AmazonS3Client(awsCredentials);
    }

    // No explicit credentials: rely on the role attached to the instance.
    if (clientSideEncryption) {
        return new AmazonS3EncryptionClient(new InstanceProfileCredentialsProvider(), encryptionMaterialsProvider);
    }
    return new AmazonS3Client(new InstanceProfileCredentialsProvider());
}
Example #3
Source File: AwsClient.java From cloudbreak with Apache License 2.0 | 6 votes |
/**
 * Checks that the environment offers a usable credential source for role assumption.
 *
 * Either both keys are set, or neither is set and instance profile credentials can be
 * fetched. A half-configured key pair is rejected.
 *
 * @param awsCredential credential view used to resolve the variable names for messages
 * @param awsAccessKeyAvailable whether the access key is set
 * @param awsSecretAccessKeyAvailable whether the secret access key is set
 * @throws CredentialVerificationException when only one key is set, or when no key is set
 *         and the instance profile cannot supply credentials
 */
public void validateEnvironmentForRoleAssuming(AwsCredentialView awsCredential, boolean awsAccessKeyAvailable,
        boolean awsSecretAccessKeyAvailable) {
    String accessKeyString = awsEnvironmentVariableChecker.getAwsAccessKeyString(awsCredential);
    String secretAccesKeyString = awsEnvironmentVariableChecker.getAwsSecretAccessKey(awsCredential);

    if (awsAccessKeyAvailable && !awsSecretAccessKeyAvailable) {
        throw new CredentialVerificationException(
                String.format("If '%s' available then '%s' must be set!", accessKeyString, secretAccesKeyString));
    }
    if (awsSecretAccessKeyAvailable && !awsAccessKeyAvailable) {
        throw new CredentialVerificationException(
                String.format("If '%s' available then '%s' must be set!", secretAccesKeyString, accessKeyString));
    }
    if (awsAccessKeyAvailable) {
        // Both keys are set; nothing further to verify here.
        return;
    }

    // Neither key is set: probe the instance profile. The provider is closed as soon as
    // the probe finishes; only the success or failure of the fetch matters.
    try {
        try (InstanceProfileCredentialsProvider provider = getInstanceProfileProvider()) {
            provider.getCredentials();
        } catch (IOException e) {
            LOGGER.error("Unable to create AWS provider", e);
            throw new CredentialVerificationException("Unable to create AWS provider");
        }
    } catch (AmazonClientException ignored) {
        // The SDK error is deliberately replaced by an operator-facing hint.
        String message = String.format("The '%s' and '%s' environment variables must be set ",
                accessKeyString, secretAccesKeyString)
                + "or an instance profile role should be available.";
        LOGGER.info(message);
        throw new CredentialVerificationException(message);
    }
}
Example #4
Source File: AWSObjectStoreFactory.java From athenz with Apache License 2.0 | 6 votes |
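/**
 * Generates an RDS IAM authentication token using the instance profile credentials.
 *
 * A new credentials provider with asynchronous refresh is created for every call, so it is
 * closed before returning; otherwise each call would leave a provider (and, presumably,
 * its background refresh worker) behind.
 *
 * @param hostname database endpoint host name
 * @param port database port
 * @param rdsUser database user the token is issued for
 * @param rdsIamRole role name, used only in the debug log
 * @return the generated authentication token
 */
String getAuthToken(String hostname, int port, String rdsUser, String rdsIamRole) {
    // Look the region up once instead of once for the generator and once for the log.
    final String region = EC2MetadataUtils.getEC2InstanceRegion();

    final InstanceProfileCredentialsProvider awsCredProvider = new InstanceProfileCredentialsProvider(true);
    try {
        if (LOG.isDebugEnabled()) {
            // The access key id is an identifier, not the secret, but it still ties log
            // lines to a specific credential; keep this at debug level only.
            LOG.debug("getAuthToken: Access key id: {}", awsCredProvider.getCredentials().getAWSAccessKeyId());
            LOG.debug("Instance {} Port {} User {} Region: {} Role: {}",
                    hostname, port, rdsUser, region, rdsIamRole);
        }

        RdsIamAuthTokenGenerator generator = RdsIamAuthTokenGenerator.builder()
                .credentials(awsCredProvider)
                .region(region)
                .build();

        return generator.getAuthToken(GetIamAuthTokenRequest.builder()
                .hostname(hostname).port(port).userName(rdsUser)
                .build());
    } finally {
        try {
            awsCredProvider.close();
        } catch (java.io.IOException e) {
            // A failed close must not hide the token or the original exception.
            LOG.warn("getAuthToken: unable to close instance profile credentials provider", e);
        }
    }
}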
Example #5
Source File: STSCredentialProviderV1.java From dremio-oss with Apache License 2.0 | 6 votes |
/**
 * Creates an assume-role credentials provider backed by an STS client.
 *
 * The STS client's own credentials are selected by the
 * {@code Constants.ASSUMED_ROLE_CREDENTIALS_PROVIDER} setting: access keys from the
 * configuration, or the EC2 instance profile.
 *
 * @param uri file system URI passed to the access-key provider
 * @param conf configuration holding the provider choice, role ARN, region and STS endpoint
 * @throws IOException declared by the signature; the visible code does not throw it directly
 */
public STSCredentialProviderV1(URI uri, Configuration conf) throws IOException {
    // TODO: Leverage S3AUtils createAwsCredentialProvider
    final String providerSetting = conf.get(Constants.ASSUMED_ROLE_CREDENTIALS_PROVIDER);

    AWSCredentialsProvider awsCredentialsProvider;
    if (S3StoragePlugin.ACCESS_KEY_PROVIDER.equals(providerSetting)) {
        awsCredentialsProvider = new SimpleAWSCredentialsProvider(uri, conf);
    } else if (S3StoragePlugin.EC2_METADATA_PROVIDER.equals(providerSetting)) {
        awsCredentialsProvider = InstanceProfileCredentialsProvider.getInstance();
    } else {
        // NOTE(review): an unrecognised or missing setting leaves the provider null, and the
        // builder is then expected to fall back to its default credential lookup. Confirm
        // that silently using ambient credentials is intended here.
        awsCredentialsProvider = null;
    }

    final String region = S3FileSystem.getAWSRegionFromConfigurationOrDefault(conf).toString();

    final AWSSecurityTokenServiceClientBuilder builder = AWSSecurityTokenServiceClientBuilder.standard()
        .withCredentials(awsCredentialsProvider)
        .withClientConfiguration(S3AUtils.createAwsConf(conf, ""))
        .withRegion(region);

    // An explicit STS endpoint, when configured, is applied on top of the region.
    S3FileSystem.getStsEndpoint(conf).ifPresent(
        endpoint -> builder.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(endpoint, region)));

    // The role session name is a fresh random UUID for every provider instance.
    final String roleArn = conf.get(Constants.ASSUMED_ROLE_ARN);
    final String sessionName = UUID.randomUUID().toString();
    this.stsAssumeRoleSessionCredentialsProvider =
        new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, sessionName)
            .withStsClient(builder.build())
            .build();
}
Example #6
Source File: TagTest.java From herd-mdl with Apache License 2.0 | 6 votes |
/**
 * Verifies that every tag on the herd stack is present, with the same value, on each of
 * the two SQS queues whose names start with the instance name.
 */
@Test
public void testSqsTagsAreSameAsHerdEC2Stack() throws Exception {
    String sqsNamePrefix = INSTANCE_NAME;
    String herdStackNamePrefix = APP_STACK_NAME + "-MdlStack-";

    CloudFormationClient cloudFormationClient = new CloudFormationClient(APP_STACK_NAME);
    List<Tag> stackTags = cloudFormationClient.getStackByNamePrefix(herdStackNamePrefix).getTags();

    System.out.println("Listing all queues with prefix: " + sqsNamePrefix);
    // The test runs on an instance and uses that instance's role.
    AmazonSQS sqs = AmazonSQSClientBuilder.standard()
            .withRegion(Regions.getCurrentRegion().getName())
            .withCredentials(new InstanceProfileCredentialsProvider(true))
            .build();

    List<String> queueUrls = sqs.listQueues(sqsNamePrefix).getQueueUrls();
    assertEquals(2, queueUrls.size(), "2 queues are expected");

    for (String queueUrl : queueUrls) {
        System.out.println("QueueUrl: " + queueUrl);
        Map<String, String> sqsTags = sqs.listQueueTags(queueUrl).getTags();
        LogVerification("Verify sqs tags are the same as herd stack");
        for (Tag stackTag : stackTags) {
            String key = stackTag.getKey();
            assertTrue(sqsTags.containsKey(key));
            assertEquals(stackTag.getValue(), sqsTags.get(key));
        }
    }
}
Example #7
Source File: SsmUtil.java From herd-mdl with Apache License 2.0 | 6 votes |
/**
 * Reads one SSM parameter using the instance profile credentials.
 *
 * Only the parameter key is logged; the value is returned to the caller and never logged
 * here.
 *
 * @param parameterKey ssm parameter key
 * @param isEncrypted passed as the request's decryption flag
 * @return the parameter returned by SSM
 */
private static Parameter getParameter(String parameterKey, boolean isEncrypted) {
    LOGGER.info("get ssm parameter key:" + parameterKey);

    AWSCredentialsProvider instanceCredentials = InstanceProfileCredentialsProvider.getInstance();
    AWSSimpleSystemsManagement ssm = AWSSimpleSystemsManagementClientBuilder.standard()
            .withCredentials(instanceCredentials)
            .withRegion(Regions.getCurrentRegion().getName())
            .build();

    GetParameterRequest request = new GetParameterRequest();
    request.withName(parameterKey);
    request.setWithDecryption(isEncrypted);

    return ssm.getParameter(request).getParameter();
}
Example #8
Source File: SsmUtil.java From herd-mdl with Apache License 2.0 | 5 votes |
/**
 * Deletes a parameter from AWS SSM using the instance profile credentials.
 *
 * @param parameterKey ssm parameter key
 */
public static void deleteParameter(String parameterKey) {
    LOGGER.info(String.format("delete ssm parameter key %s", parameterKey));

    AWSCredentialsProvider instanceCredentials = InstanceProfileCredentialsProvider.getInstance();
    AWSSimpleSystemsManagement ssm = AWSSimpleSystemsManagementClientBuilder.standard()
            .withCredentials(instanceCredentials)
            .withRegion(Regions.getCurrentRegion().getName())
            .build();

    ssm.deleteParameter(new DeleteParameterRequest().withName(parameterKey));
}
Example #9
Source File: TagTest.java From herd-mdl with Apache License 2.0 | 5 votes |
/**
 * Fetches the tags of one load balancer, chosen by {@code getAnyElbArn()}.
 *
 * @return the tags from the first tag description in the response
 */
private List<com.amazonaws.services.elasticloadbalancingv2.model.Tag> getElbTags() {
    String elbArn = getAnyElbArn();

    AmazonElasticLoadBalancing elbClient = AmazonElasticLoadBalancingClientBuilder.standard()
            .withRegion(Regions.getCurrentRegion().getName())
            .withCredentials(new InstanceProfileCredentialsProvider(true))
            .build();

    DescribeTagsRequest describeTags = new DescribeTagsRequest().withResourceArns(elbArn);
    // Exactly one ARN was requested, so only the first description is read.
    return elbClient.describeTags(describeTags)
            .getTagDescriptions()
            .get(0)
            .getTags();
}
Example #10
Source File: ElasticsearchAuthentication.java From dremio-oss with Apache License 2.0 | 5 votes |
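/**
 * Captures the credentials needed for the selected Elasticsearch authentication type.
 *
 * Only the fields relevant to the chosen type are populated; the others are set to
 * {@code null}.
 *
 * @param hosts configured hosts; the first host name is used for region resolution
 * @param authenticationType which credential source to use
 * @param username user name for {@code ES_ACCOUNT}
 * @param password password for {@code ES_ACCOUNT}
 * @param accessKey AWS access key for {@code ACCESS_KEY}
 * @param accessSecret AWS access secret for {@code ACCESS_KEY}
 * @param regionName configured region name, resolved through {@code getRegionName}
 */
public ElasticsearchAuthentication(List<Host> hosts, ElasticsearchConf.AuthenticationType authenticationType,
    String username, String password, String accessKey, String accessSecret, String regionName) {
  this.authenticationType = authenticationType;
  switch (authenticationType) {
    case ES_ACCOUNT:
      this.username = username;
      this.password = password;
      this.awsCredentialsProvider = null;
      this.regionName = null;
      break;
    case ACCESS_KEY:
      this.username = null;
      this.password = null;
      // Reject a missing key as well as an empty one: a null value previously slipped
      // past this check and produced a credentials provider with no usable key.
      if (accessKey == null || accessKey.isEmpty() || accessSecret == null || accessSecret.isEmpty()) {
        throw UserException.validationError()
            .message("Failure creating Amazon Elasticsearch Service connection. You must provide AWS Access Key and AWS Access Secret.")
            .build(logger);
      }
      this.awsCredentialsProvider = new BasicAWSCredentialsProvider(accessKey, accessSecret);
      this.regionName = getRegionName(regionName, hosts.get(0).hostname);
      break;
    case EC2_METADATA:
      this.username = null;
      this.password = null;
      // Credentials come from the role attached to the instance; nothing is stored here.
      this.awsCredentialsProvider = new InstanceProfileCredentialsProvider();
      this.regionName = getRegionName(regionName, hosts.get(0).hostname);
      break;
    case NONE:
      this.username = null;
      this.password = null;
      this.awsCredentialsProvider = null;
      this.regionName = null;
      break;
    default:
      throw new RuntimeException("Failure creating Elasticsearch connection. Invalid credential type.");
  }
}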
Example #11
Source File: SsmUtil.java From herd-mdl with Apache License 2.0 | 5 votes |
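/**
 * Puts a string parameter to AWS SSM, overwriting any existing value.
 *
 * The value is intentionally not logged: parameter stores commonly hold passwords and
 * tokens, and an INFO-level log line would copy them into log files and log aggregation.
 *
 * @param parameterKey ssm parameter key
 * @param parameterValue ssm parameter value
 */
public static void putParameter(String parameterKey, String parameterValue) {
    // Log the key only; never the value.
    LOGGER.info(String.format("put ssm parameter key %s", parameterKey));

    AWSCredentialsProvider credentials = InstanceProfileCredentialsProvider.getInstance();
    AWSSimpleSystemsManagement simpleSystemsManagementClient =
        AWSSimpleSystemsManagementClientBuilder.standard().withCredentials(credentials)
            .withRegion(Regions.getCurrentRegion().getName()).build();

    // NOTE(review): the parameter is stored with type "String", i.e. unencrypted. If callers
    // pass secrets through this method, an encrypted parameter type is the safer choice.
    PutParameterRequest parameterRequest = new PutParameterRequest()
        .withName(parameterKey)
        .withValue(parameterValue)
        .withOverwrite(true)
        .withType("String");
    simpleSystemsManagementClient.putParameter(parameterRequest);
}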
Example #12
Source File: AuthenticationInfoAWSCredentialsProviderChain.java From lambadaframework with MIT License | 5 votes |
/**
 * Builds the credentials chain in this order: instance profile, profile file,
 * environment variables, system properties, instance profile again.
 *
 * NOTE(review): {@code authenticationInfo} is not used by this constructor, and the
 * instance profile provider appears both first and last. With the instance profile first,
 * the instance role takes precedence over explicitly configured keys; confirm that is
 * the intended priority.
 *
 * @param authenticationInfo not read by the visible code
 */
AuthenticationInfoAWSCredentialsProviderChain(AuthenticationInfo authenticationInfo) {
    super(
            new InstanceProfileCredentialsProvider(),
            new ProfileCredentialsProvider(),
            new EnvironmentVariableCredentialsProvider(),
            new SystemPropertiesCredentialsProvider(),
            new InstanceProfileCredentialsProvider()
    );
}
Example #13
Source File: CloudFormationClient.java From herd-mdl with Apache License 2.0 | 5 votes |
/**
 * Creates a client bound to one stack, authenticated with the instance profile.
 *
 * @param stackSetName stack name
 * @throws Exception declared by the signature; presumably raised by the property loading
 */
public CloudFormationClient(String stackSetName) throws Exception {
    this.stackName = stackSetName;
    this.propertyValues = TestProperties.getProperties();

    // Create AWS client in the region this code is running in.
    this.amazonCloudFormation = AmazonCloudFormationClientBuilder.standard()
            .withRegion(Regions.getCurrentRegion().getName())
            .withCredentials(new InstanceProfileCredentialsProvider(true))
            .build();
}
Example #14
Source File: AWSCertRecordStoreFactory.java From athenz with Apache License 2.0 | 5 votes |
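/**
 * Generates an RDS IAM authentication token using the instance profile credentials.
 *
 * A new credentials provider with asynchronous refresh is created for every call, so it is
 * closed before returning; otherwise each call would leave a provider (and, presumably,
 * its background refresh worker) behind.
 *
 * @param hostname database endpoint host name
 * @param port database port
 * @param rdsUser database user the token is issued for
 * @param rdsIamRole role name, used only in the debug log
 * @return the generated authentication token
 */
String getAuthToken(String hostname, int port, String rdsUser, String rdsIamRole) {
    final InstanceProfileCredentialsProvider awsCredProvider = new InstanceProfileCredentialsProvider(true);
    try {
        RdsIamAuthTokenGenerator generator = getTokenGenerator(awsCredProvider);

        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Instance {} Port {} User {} Region: {} Role: {}",
                    hostname, port, rdsUser, getInstanceRegion(), rdsIamRole);
        }

        return generator.getAuthToken(GetIamAuthTokenRequest.builder()
                .hostname(hostname).port(port).userName(rdsUser)
                .build());
    } finally {
        try {
            awsCredProvider.close();
        } catch (java.io.IOException e) {
            // A failed close must not hide the token or the original exception.
            LOGGER.warn("getAuthToken: unable to close instance profile credentials provider", e);
        }
    }
}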
Example #15
Source File: SsmUtil.java From herd-mdl with Apache License 2.0 | 5 votes |
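/**
 * Gets every parameter under a path prefix, searched recursively.
 *
 * The service returns results in pages, so this follows the continuation token until it
 * is exhausted; reading only the first response would silently drop parameters.
 *
 * @param prefix parameter prefix
 * @return list of parameters under the prefix, across all result pages
 */
public static List<Parameter> getParametersWithPrefix(String prefix) {
    AWSCredentialsProvider credentials = InstanceProfileCredentialsProvider.getInstance();
    AWSSimpleSystemsManagement simpleSystemsManagementClient =
        AWSSimpleSystemsManagementClientBuilder.standard().withCredentials(credentials)
            .withRegion(Regions.getCurrentRegion().getName()).build();

    GetParametersByPathRequest getParametersByPathRequest = new GetParametersByPathRequest()
        .withPath(prefix)
        .withRecursive(true);

    List<Parameter> parameters = new java.util.ArrayList<>();
    String nextToken;
    do {
        GetParametersByPathResult page =
            simpleSystemsManagementClient.getParametersByPath(getParametersByPathRequest);
        parameters.addAll(page.getParameters());
        // A null token marks the last page.
        nextToken = page.getNextToken();
        getParametersByPathRequest.setNextToken(nextToken);
    } while (nextToken != null);

    return parameters;
}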
Example #16
Source File: S3ArtifactStore.java From gocd-s3-artifacts with Apache License 2.0 | 5 votes |
/**
 * Builds an S3 client from the GoCD environment.
 *
 * Credential selection: the instance profile when the IAM-role switch is set; otherwise
 * static keys when both are present; otherwise the builder is left without explicit
 * credentials.
 *
 * @param env environment holding the region, the IAM-role switch and the optional keys
 * @return the built S3 client
 */
public static AmazonS3 getS3client(GoEnvironment env) {
    final AmazonS3ClientBuilder builder = AmazonS3ClientBuilder.standard();

    if (env.has(AWS_REGION)) {
        builder.withRegion(env.get(AWS_REGION));
    }

    if (env.hasAWSUseIamRole()) {
        // Role-based access: no long-lived keys are read from the environment.
        builder.withCredentials(new InstanceProfileCredentialsProvider(false));
    } else if (env.has(AWS_ACCESS_KEY_ID) && env.has(AWS_SECRET_ACCESS_KEY)) {
        builder.withCredentials(new AWSStaticCredentialsProvider(
                new BasicAWSCredentials(env.get(AWS_ACCESS_KEY_ID), env.get(AWS_SECRET_ACCESS_KEY))));
    }

    return builder.build();
}
Example #17
Source File: S3ArtifactStore.java From gocd-s3-artifacts with Apache License 2.0 | 5 votes |
/**
 * Builds an S3 client from the GoCD environment.
 *
 * Credential selection: the instance profile when the IAM-role switch is set; otherwise
 * static keys when both are present; otherwise the builder is left without explicit
 * credentials.
 *
 * @param env environment holding the region, the IAM-role switch and the optional keys
 * @return the built S3 client
 */
public static AmazonS3 getS3client(GoEnvironment env) {
    final AmazonS3ClientBuilder builder = AmazonS3ClientBuilder.standard();

    if (env.has(AWS_REGION)) {
        builder.withRegion(env.get(AWS_REGION));
    }

    if (env.hasAWSUseIamRole()) {
        // Role-based access: no long-lived keys are read from the environment.
        builder.withCredentials(new InstanceProfileCredentialsProvider(false));
    } else if (env.has(AWS_ACCESS_KEY_ID) && env.has(AWS_SECRET_ACCESS_KEY)) {
        builder.withCredentials(new AWSStaticCredentialsProvider(
                new BasicAWSCredentials(env.get(AWS_ACCESS_KEY_ID), env.get(AWS_SECRET_ACCESS_KEY))));
    }

    return builder.build();
}
Example #18
Source File: AWSClusterSecurityManager.java From incubator-gobblin with Apache License 2.0 | 5 votes |
/**
 * Builds the credentials chain in this order: environment variables, system properties,
 * the supplied configuration, profile file, and finally the instance profile.
 *
 * @param config configuration handed to {@code ConfigurationCredentialsProvider}
 */
DefaultAWSCredentialsProviderChain(Config config) {
    super(
            new EnvironmentVariableCredentialsProvider(),
            new SystemPropertiesCredentialsProvider(),
            new ConfigurationCredentialsProvider(config),
            new ProfileCredentialsProvider(),
            new InstanceProfileCredentialsProvider()
    );
}
Example #19
Source File: AwsClient.java From cloudbreak with Apache License 2.0 | 4 votes |
/**
 * Creates an instance profile credentials provider.
 *
 * A new provider is returned on every call; the caller is responsible for closing it.
 *
 * @return a new {@code InstanceProfileCredentialsProvider}
 */
public InstanceProfileCredentialsProvider getInstanceProfileProvider() {
    InstanceProfileCredentialsProvider provider = new InstanceProfileCredentialsProvider();
    return provider;
}
Example #20
Source File: AWSCertRecordStoreFactory.java From athenz with Apache License 2.0 | 4 votes |
/**
 * Builds the RDS IAM token generator for the instance's region.
 *
 * @param awsCredProvider credentials used to sign the token
 * @return a generator bound to the region returned by {@code getInstanceRegion()}
 */
RdsIamAuthTokenGenerator getTokenGenerator(InstanceProfileCredentialsProvider awsCredProvider) {
    RdsIamAuthTokenGenerator tokenGenerator = RdsIamAuthTokenGenerator.builder()
            .credentials(awsCredProvider)
            .region(getInstanceRegion())
            .build();
    return tokenGenerator;
}
Example #21
Source File: IAMCredential.java From Raigad with Apache License 2.0 | 4 votes |
/**
 * Creates a credential holder backed by the EC2 instance profile, so no access keys are
 * supplied to or stored by this constructor.
 */
public IAMCredential() {
    iamCredProvider = new InstanceProfileCredentialsProvider();
}
Example #22
Source File: CustomCredentialsProviderChain.java From kinesis-log4j-appender with Apache License 2.0 | 4 votes |
/**
 * Builds the credentials chain in this order: classpath properties file, instance
 * profile, system properties, environment variables.
 *
 * NOTE(review): a credentials file on the classpath is consulted first, ahead of the
 * instance role; confirm that long-lived keys bundled with the application are meant to
 * take precedence.
 */
public CustomCredentialsProviderChain() {
    super(
            new ClasspathPropertiesFileCredentialsProvider(),
            new InstanceProfileCredentialsProvider(),
            new SystemPropertiesCredentialsProvider(),
            new EnvironmentVariableCredentialsProvider()
    );
}
Example #23
Source File: CustomCredentialsProviderChain.java From aws-big-data-blog with Apache License 2.0 | 4 votes |
/**
 * Builds the credentials chain in this order: environment variables, system properties,
 * classpath properties file, and finally the instance profile.
 */
public CustomCredentialsProviderChain() {
    super(
            new EnvironmentVariableCredentialsProvider(),
            new SystemPropertiesCredentialsProvider(),
            new ClasspathPropertiesFileCredentialsProvider(),
            new InstanceProfileCredentialsProvider()
    );
}
Example #24
Source File: AWSCertRecordStoreFactoryTest.java From athenz with Apache License 2.0 | 4 votes |
/**
 * Test override: returns the mocked generator, stubbed to hand back a fixed token, so the
 * test never builds a real generator from the supplied credentials.
 *
 * @param awsCredProvider ignored by this override
 * @return the mocked {@code generator}
 */
@Override
RdsIamAuthTokenGenerator getTokenGenerator(InstanceProfileCredentialsProvider awsCredProvider) {
    final String cannedToken = "token";
    Mockito.when(generator.getAuthToken(ArgumentMatchers.any())).thenReturn(cannedToken);
    return generator;
}
Example #25
Source File: SnsConfiguration.java From circus-train with Apache License 2.0 | 4 votes |
/**
 * Provides the credentials chain: credentials derived from the replica Hive
 * configuration first, then the instance profile.
 *
 * @param conf replica Hive configuration handed to {@code BasicAuth}
 * @return a chain of the two providers, in that order
 */
@Bean
AWSCredentialsProvider awsCredentialsProvider(
    @Qualifier("replicaHiveConf") org.apache.hadoop.conf.Configuration conf) {
  AWSCredentialsProviderChain chain =
      new AWSCredentialsProviderChain(new BasicAuth(conf), InstanceProfileCredentialsProvider.getInstance());
  return chain;
}
Example #26
Source File: CloudFormationClient.java From herd-mdl with Apache License 2.0 | 4 votes |
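/**
 * Delete the stack {@link #stackName}.
 *
 * S3 buckets owned by the root stack and its nested stacks are emptied first, then the
 * stack deletion is started and awaited.
 *
 * @throws Exception when the stack does not end in {@code DELETE_COMPLETE}
 */
public void deleteStack() throws Exception {
    CFTStackInfo cftStackInfo = getStackInfo();
    String rootStackId = cftStackInfo.stackId(); // Use the stack id to track the delete operation
    LOGGER.info("rootStackId = " + rootStackId);

    // Go through the stack and pick up resources that we want
    // to finalize before deleting the stack.
    List<String> s3BucketIds = new ArrayList<>();

    // NOTE(review): only the first response of describeStacks() is read; confirm that is
    // enough for accounts holding many stacks.
    DescribeStacksResult describeStacksResult = amazonCloudFormation.describeStacks();
    for (Stack currentStack : describeStacksResult.getStacks()) {
        boolean belongsToRoot = rootStackId.equals(currentStack.getRootId())
            || rootStackId.equals(currentStack.getStackId());
        if (!belongsToRoot) {
            continue;
        }
        LOGGER.info("stackId = " + currentStack.getStackId());

        DescribeStackResourcesRequest describeStackResourcesRequest = new DescribeStackResourcesRequest();
        describeStackResourcesRequest.setStackName(currentStack.getStackName());
        List<StackResource> stackResources = amazonCloudFormation
            .describeStackResources(describeStackResourcesRequest).getStackResources();

        for (StackResource stackResource : stackResources) {
            boolean alreadyDeleted = stackResource.getResourceStatus()
                .equals(ResourceStatus.DELETE_COMPLETE.toString());
            if (!alreadyDeleted && stackResource.getResourceType().equals("AWS::S3::Bucket")) {
                s3BucketIds.add(stackResource.getPhysicalResourceId());
            }
        }
    }

    // Now empty S3 buckets, clean up will be done when the stack is deleted
    AmazonS3 amazonS3 = AmazonS3ClientBuilder.standard()
        .withRegion(Regions.getCurrentRegion().getName())
        .withCredentials(new InstanceProfileCredentialsProvider(true))
        .build();

    for (String s3BucketName : s3BucketIds) {
        if (!amazonS3.doesBucketExistV2(s3BucketName)) {
            // Skip just this bucket. Leaving the loop here would keep every later bucket
            // full, and the stack deletion below would then fail on them.
            continue;
        }
        LOGGER.info("Empyting S3 bucket, " + s3BucketName);

        ObjectListing objectListing = amazonS3.listObjects(s3BucketName);
        while (true) {
            for (S3ObjectSummary summary : objectListing.getObjectSummaries()) {
                amazonS3.deleteObject(s3BucketName, summary.getKey());
            }
            if (!objectListing.isTruncated()) {
                break;
            }
            objectListing = amazonS3.listNextBatchOfObjects(objectListing);
        }
    }

    // Proceed with the regular stack deletion operation
    DeleteStackRequest deleteRequest = new DeleteStackRequest();
    deleteRequest.setStackName(stackName);
    amazonCloudFormation.deleteStack(deleteRequest);
    LOGGER.info("Stack deletion initiated");

    CFTStackStatus cftStackStatus = waitForCompletionAndGetStackStatus(amazonCloudFormation, rootStackId);
    LOGGER.info(
        "Stack deletion completed, the stack " + stackName + " completed with " + cftStackStatus);

    // Throw exception if failed
    if (!cftStackStatus.getStackStatus().equals(StackStatus.DELETE_COMPLETE.toString())) {
        throw new Exception(
            "deleteStack operation failed for stack " + stackName + " - " + cftStackStatus);
    }
}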