String getAuthToken(String hostname, int port, String rdsUser, String rdsIamRole) { InstanceProfileCredentialsProvider awsCredProvider = new InstanceProfileCredentialsProvider(true); if (LOG.isDebugEnabled()) { LOG.debug("getAuthToken: Access key id: {}", awsCredProvider.getCredentials().getAWSAccessKeyId()); } RdsIamAuthTokenGenerator generator = RdsIamAuthTokenGenerator.builder() .credentials(awsCredProvider) .region(EC2MetadataUtils.getEC2InstanceRegion()) .build(); if (LOG.isDebugEnabled()) { LOG.debug("Instance {} Port {} User {} Region: {} Role: {}", hostname, port, rdsUser, EC2MetadataUtils.getEC2InstanceRegion(), rdsIamRole); } return generator.getAuthToken(GetIamAuthTokenRequest.builder() .hostname(hostname).port(port).userName(rdsUser) .build()); }
public static AWSCredentialsProvider getCredentialProviderC(Parameters config){ List<AWSCredentialsProvider> providers = new ArrayList<AWSCredentialsProvider>(); if ("YES".equals(config.get("aws.credentials.instaneProfile"))) providers.add(new InstanceProfileCredentialsProvider()); if ("YES".equals(config.get("aws.credentials.environmentVariable"))) providers.add(new EnvironmentVariableCredentialsProvider()); if ("YES".equals(config.get("aws.credentials.systemProperties"))) providers.add(new SystemPropertiesCredentialsProvider()); String accessKey = config.get("aws.credentials.accessKey").toString(); String secretKey = config.get("aws.credentials.secretKey").toString(); if (accessKey != null && accessKey.length() > 0){ providers.add(new AWSCredentialsConfigFileProvider(accessKey, secretKey)); } return new AWSCredentialsProviderChain(providers.toArray(new AWSCredentialsProvider[0])); }
@Singleton @Provides @Nullable public AmazonS3 provideAmazonS3Client(@Nullable AWSCredentials awsCredentials, @Nullable EncryptionMaterialsProvider encryptionMaterialsProvider) { if (awsCredentials == null) { if (encryptionMaterialsProvider == null) { return new AmazonS3Client(new InstanceProfileCredentialsProvider()); } else { return new AmazonS3EncryptionClient(new InstanceProfileCredentialsProvider(), encryptionMaterialsProvider); } } if (encryptionMaterialsProvider == null) { return new AmazonS3Client(awsCredentials); } else { return new AmazonS3EncryptionClient(awsCredentials, encryptionMaterialsProvider); } }
public static AWSCredentialsProviderChain getAWSCredentialsProviderChain() { String cerberusRoleToAssume = System.getenv(CERBERUS_ASSUME_ROLE_ARN) != null ? System.getenv(CERBERUS_ASSUME_ROLE_ARN) : ""; String cerberusRoleToAssumeExternalId = System.getenv(CERBERUS_ASSUME_ROLE_EXTERNAL_ID) != null ? System.getenv(CERBERUS_ASSUME_ROLE_EXTERNAL_ID) : ""; STSAssumeRoleSessionCredentialsProvider sTSAssumeRoleSessionCredentialsProvider = new STSAssumeRoleSessionCredentialsProvider .Builder(cerberusRoleToAssume, UUID.randomUUID().toString()) .withExternalId(cerberusRoleToAssumeExternalId) .build(); AWSCredentialsProviderChain chain = new AWSCredentialsProviderChain( new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new ProfileCredentialsProvider(), sTSAssumeRoleSessionCredentialsProvider, new InstanceProfileCredentialsProvider()); return chain; }
@PostConstruct protected void init() { configureAWSLogAgent(); credentialsProvider = new InstanceProfileCredentialsProvider(); region = Regions.getCurrentRegion(); amazonDynamoDB.setRegion(region); dbPrefix = AmazonConfigProvider.getDynamoDbPrefix(); DynamoDBMapperConfig config = new DynamoDBMapperConfig.Builder().withTableNameOverride(DynamoDBMapperConfig.TableNameOverride. withTableNamePrefix(dbPrefix)).build(); mapper = new DynamoDBMapper(amazonDynamoDB, config); tablesWithPrefix = Arrays.stream(tables).map(s -> dbPrefix.concat(s)).collect(Collectors.toList()); if (customBucketName != null) { customBucketName = customBucketName.toLowerCase(); } if ((customBucketName.isEmpty() || CUSTOM_BUCKET_NAME_DEFAULT_VALUE.equals(customBucketName)) && !validateBucketName(customBucketName).isValid()) { customBucketName = null; } }
public AWSCredentials getCredentials() { AWSCredentials initialCredentials = new BasicAWSCredentials(accessKey, secretKey.getPlainText()); if (StringUtils.isBlank(iamRoleArn)) { return initialCredentials; } else { // Handle the case of delegation to instance profile if (StringUtils.isBlank(accessKey) && StringUtils.isBlank(secretKey.getPlainText()) ) { initialCredentials = (new InstanceProfileCredentialsProvider()).getCredentials(); } AssumeRoleRequest assumeRequest = createAssumeRoleRequest(iamRoleArn); AssumeRoleResult assumeResult = new AWSSecurityTokenServiceClient(initialCredentials).assumeRole(assumeRequest); return new BasicSessionCredentials( assumeResult.getCredentials().getAccessKeyId(), assumeResult.getCredentials().getSecretAccessKey(), assumeResult.getCredentials().getSessionToken()); } }
public void checkAwsEnvironmentVariables(CloudCredential credential) { AwsCredentialView awsCredential = new AwsCredentialView(credential); if (isRoleAssumeRequired(awsCredential)) { if (awsEnvironmentVariableChecker.isAwsAccessKeyAvailable() && !awsEnvironmentVariableChecker.isAwsSecretAccessKeyAvailable()) { throw new CloudConnectorException("If 'AWS_ACCESS_KEY_ID' available then 'AWS_SECRET_ACCESS_KEY' must be set!"); } else if (awsEnvironmentVariableChecker.isAwsSecretAccessKeyAvailable() && !awsEnvironmentVariableChecker.isAwsAccessKeyAvailable()) { throw new CloudConnectorException("If 'AWS_SECRET_ACCESS_KEY' available then 'AWS_ACCESS_KEY_ID' must be set!"); } else if (!awsEnvironmentVariableChecker.isAwsAccessKeyAvailable() && !awsEnvironmentVariableChecker.isAwsSecretAccessKeyAvailable()) { try { new InstanceProfileCredentialsProvider().getCredentials(); } catch (AmazonClientException ignored) { StringBuilder sb = new StringBuilder(); sb.append("The 'AWS_ACCESS_KEY_ID' and 'AWS_SECRET_ACCESS_KEY' environment variables must be set "); sb.append("or an instance profile role should be available."); LOGGER.info(sb.toString()); throw new CloudConnectorException(sb.toString()); } } } }
/** * Connect to the specified bucket using previously given accesskey and secretkey. * @param bucketName Name of the bucket to connect to * @param pathPrefix Prefix that will be later used for filtering documents * @throws AmazonS3Exception when access or secret keys are wrong or bucket does not exists */ public void connectUserBucket(String bucketName, String pathPrefix) throws AmazonS3Exception{ this.bucketName = bucketName; this.pathPrefix = pathPrefix; if (accessKey != null && secretKey != null) { AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey); s3Client = new AmazonS3Client(credentials); } else if (useIAMRoleForEC2) { // Force usage of IAM Role process as described into // http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html. s3Client = new AmazonS3Client(new InstanceProfileCredentialsProvider()); } else { // Default credentials retrieval or IAM Role process as described into // http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html. s3Client = new AmazonS3Client(); } // Getting location seems odd as we don't use it later and doesBucketExists() seems // more appropriate... However, this later returns true even for non existing buckets ! s3Client.getBucketLocation(bucketName); }
public static AmazonS3Client createAmazonS3Client(Configuration conf) /* */ { /* 452 */ String accessKeyId = conf.get("fs.s3n.awsAccessKeyId"); /* 453 */ String SecretAccessKey = conf.get("fs.s3n.awsSecretAccessKey"); /* */ AmazonS3Client s3Client; /* 455 */ if ((accessKeyId != null) && (SecretAccessKey != null)) { /* 456 */ s3Client = new AmazonS3Client(new BasicAWSCredentials(accessKeyId, SecretAccessKey)); /* 457 */ LOG.info("Created AmazonS3Client with conf KeyId " + accessKeyId); /* */ } else { /* 459 */ InstanceProfileCredentialsProvider provider = new InstanceProfileCredentialsProvider(); /* 460 */ s3Client = new AmazonS3Client(provider); /* 461 */ LOG.info("Created AmazonS3Client with role keyId " + provider.getCredentials().getAWSAccessKeyId()); /* */ } /* 463 */ String endpoint = conf.get("fs.s3n.endpoint"); /* 464 */ if ((endpoint == null) && (isGovCloud())) { /* 465 */ endpoint = "s3-us-gov-west-1.amazonaws.com"; /* */ } /* 467 */ if (endpoint != null) { /* 468 */ LOG.info("AmazonS3Client setEndpoint s3-us-gov-west-1.amazonaws.com"); /* 469 */ s3Client.setEndpoint("s3-us-gov-west-1.amazonaws.com"); /* */ } /* 471 */ return s3Client; /* */ }
public S3SQSClient(Region region, String queueName, String accessKey, String secretKey) { ClientConfiguration clientConfiguration = new ClientConfiguration(); clientConfiguration.setRequestTimeout(5000); clientConfiguration.setRetryPolicy(new RetryPolicy(null, null, 3, true)); if (accessKey.isEmpty() && secretKey.isEmpty()) { this.sqs = new AmazonSQSClient(new InstanceProfileCredentialsProvider(), clientConfiguration); } else { this.sqs = new AmazonSQSClient(new BasicAWSCredentials(accessKey, secretKey), clientConfiguration); } this.sqs.setRegion(region); this.queueName = queueName; }
@SuppressWarnings("deprecation") public ApiImporter(String profile, String accessKey, String secret) { if (accessKey != null && secret != null) { credentialsProvider=new AWSCredentialsProvider() { @Override public void refresh() { } @Override public AWSCredentials getCredentials() { return new AWSCredentials() { @Override public String getAWSSecretKey() { return secret; } @Override public String getAWSAccessKeyId() { return accessKey; } }; } }; } else { credentialsProvider = new AWSCredentialsProviderChain(new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new ProfileCredentialsProvider(profile), new InstanceProfileCredentialsProvider()); } amazonApiGatewayClient = new AmazonApiGatewayClient(credentialsProvider); }
MyCredentialsProvider() { super(new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), // Removed due to ElasticBeanstalk environment not being setup with a profile dir // new ProfileCredentialsProvider(), new InstanceProfileCredentialsProvider(), new ClasspathPropertiesFileCredentialsProvider()); }
AuthenticationInfoAWSCredentialsProviderChain(AuthenticationInfo authenticationInfo) { super( new InstanceProfileCredentialsProvider(), new ProfileCredentialsProvider(), new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new InstanceProfileCredentialsProvider()); }
private void init() { InstanceProfileCredentialsProvider credentialsProvider = new InstanceProfileCredentialsProvider(); AmazonDynamoDB amazonDynamoDB = new AmazonDynamoDBClient(credentialsProvider); amazonDynamoDB.setRegion(Regions.getCurrentRegion()); dynamoDBMapper = new DynamoDBMapper(amazonDynamoDB, dynamoDBMapperConfig()); amazonS3 = new AmazonS3Client(credentialsProvider); Region current = Regions.getCurrentRegion(); if (!current.equals(Region.getRegion(Regions.US_EAST_1))) { amazonS3.setRegion(current); } systemUpgrade = new UpgradeSystemTo003(); }
/** * * @return */ private AWSCredentialsProvider getCredentials() { return new AWSCredentialsProviderChain(new StaticCredentialsProvider( new AppenderCredentials()), new SystemPropertiesCredentialsProvider(), new EnvironmentVariableCredentialsProvider(), new ProfileCredentialsProvider(), new InstanceProfileCredentialsProvider()); }
private AWSCredentialsProvider getAwsCredentialsProvider(URI uri, Configuration conf) { Optional<AWSCredentials> credentials = getAwsCredentials(uri, conf); if (credentials.isPresent()) { return new StaticCredentialsProvider(credentials.get()); } if (useInstanceCredentials) { return new InstanceProfileCredentialsProvider(); } throw new RuntimeException("S3 credentials not configured"); }
@Test public void testInstanceCredentialsEnabled() throws Exception { Configuration config = new Configuration(); // instance credentials are enabled by default try (PrestoS3FileSystem fs = new PrestoS3FileSystem()) { fs.initialize(new URI("s3n://test-bucket/"), config); assertInstanceOf(getAwsCredentialsProvider(fs), InstanceProfileCredentialsProvider.class); } }
public static AWSCredentialsProvider createCredentialsProvider( final boolean useInstanceProfileForCredentials, final String accessId, final Secret secretKey) { if (useInstanceProfileForCredentials) { return new InstanceProfileCredentialsProvider(); } BasicAWSCredentials credentials = new BasicAWSCredentials(accessId, Secret.toString(secretKey)); return new StaticCredentialsProvider(credentials); }
public FormValidation doCheckUseInstanceProfileForCredentials(@QueryParameter boolean value) { if (value) { try { new InstanceProfileCredentialsProvider().getCredentials(); } catch (AmazonClientException e) { return FormValidation.error(Messages.EC2Cloud_FailedToObtainCredentailsFromEC2(), e.getMessage()); } } return FormValidation.ok(); }
/** * Load default AWS accounts. */ private void loadAccounts() { if (accounts.isEmpty()) { accounts.add(new AwsAccount(new DefaultAWSCredentialsProviderChain().getCredentials())); accounts.add(new AwsAccount(new InstanceProfileCredentialsProvider().getCredentials())); } }
private AWSCredentialsProvider getCredentialsProvider() { if (StringUtils.isNullOrEmpty(awsAccessKey) || StringUtils.isNullOrEmpty(awsSecretKey)) { return new InstanceProfileCredentialsProvider(); } return new StaticCredentialsProvider(new BasicAWSCredentials(awsAccessKey, awsSecretKey)); }
public static AmazonS3 getS3client(GoEnvironment env) { AmazonS3ClientBuilder amazonS3ClientBuilder = AmazonS3ClientBuilder.standard(); if (env.has(AWS_REGION)) { amazonS3ClientBuilder.withRegion(env.get(AWS_REGION)); } if (env.hasAWSUseIamRole()) { amazonS3ClientBuilder.withCredentials(new InstanceProfileCredentialsProvider(false)); } else if (env.has(AWS_ACCESS_KEY_ID) && env.has(AWS_SECRET_ACCESS_KEY)) { BasicAWSCredentials basicCreds = new BasicAWSCredentials(env.get(AWS_ACCESS_KEY_ID), env.get(AWS_SECRET_ACCESS_KEY)); amazonS3ClientBuilder.withCredentials(new AWSStaticCredentialsProvider(basicCreds)); } return amazonS3ClientBuilder.build(); }
@Bean @Scope(WebApplicationContext.SCOPE_APPLICATION) public AWSCredentialsProvider credentials() { return new AWSCredentialsProviderChain( new InstanceProfileCredentialsProvider(), new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider() ); }
private AWSCredentialsProvider createCredentialsProvider(){ return new AWSCredentialsProviderChain( new InstanceProfileCredentialsProvider(), new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new AWSCredentialsConfigFileProvider() ); }
DefaultAWSCredentialsProviderChain(Config config) { super(new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new ConfigurationCredentialsProvider(config), new ProfileCredentialsProvider(), new InstanceProfileCredentialsProvider()); }
public AWSCredentialsProvider getCredentials(AWSCredentials credentials) { return new AWSCredentialsProviderChain( new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new StaticCredentialsProvider(credentials == null ? new NullCredentials() : credentials), new ProfileCredentialsProvider(), new InstanceProfileCredentialsProvider() ); }
private AWSSecurityTokenServiceClient awsSecurityTokenServiceClient() { if (!awsEnvironmentVariableChecker.isAwsAccessKeyAvailable() || !awsEnvironmentVariableChecker.isAwsSecretAccessKeyAvailable()) { InstanceProfileCredentialsProvider instanceProfileCredentialsProvider = new InstanceProfileCredentialsProvider(); LOGGER.info("AWSSecurityTokenServiceClient will use aws metadata because environment variables are undefined"); return new AWSSecurityTokenServiceClient(instanceProfileCredentialsProvider); } else { LOGGER.info("AWSSecurityTokenServiceClient will use environment variables"); return new AWSSecurityTokenServiceClient(); } }
private void initializeAmazonS3() { if (s3 == null) { final String accessKey = conf.get(ACCESS_KEY_CONF); final String secretKey = conf.get(SECRET_KEY_CONF); s3 = new AmazonS3Client(new AWSCredentialsProviderChain( new AWSCredentialsProvider() { @Override public AWSCredentials getCredentials() { if (!Strings.isNullOrEmpty(accessKey) && !Strings.isNullOrEmpty(secretKey)) { return new BasicAWSCredentials(accessKey, secretKey); } else { return null; } } @Override public void refresh() { } }, new InstanceProfileCredentialsProvider())); if (!Strings.isNullOrEmpty(conf.get(ENDPOINT_CONF))) { s3.setEndpoint(conf.get(ENDPOINT_CONF)); } else if (Regions.getCurrentRegion() != null) { s3.setRegion(Regions.getCurrentRegion()); } else { s3.setEndpoint(ENDPOINT_DEFAULT); } } }
private PrivilegedInstanceProfileCredentialsProvider() { this.credentials = new InstanceProfileCredentialsProvider(); }
@Bean public AWSCredentialsProvider awsCredentialsProvider() { return new InstanceProfileCredentialsProvider(false); }
@Bean AWSCredentialsProvider awsCredentialsProvider( @Qualifier("replicaHiveConf") org.apache.hadoop.conf.Configuration conf) { return new AWSCredentialsProviderChain(new BasicAuth(conf), InstanceProfileCredentialsProvider.getInstance()); }
public HadoopAWSCredentialProviderChain() { super(InstanceProfileCredentialsProvider.getInstance()); }
public HadoopAWSCredentialProviderChain(Configuration conf) { super(new JceksAWSCredentialProvider(conf), InstanceProfileCredentialsProvider.getInstance()); }
protected AWSCredentialsProvider getAWSCredentialsProvider(Configuration conf) { List<AWSCredentialsProvider> providersList = new ArrayList<>(); // try to load custom credential provider, fail if a provider is specified but cannot be // initialized String providerClass = conf.get(DynamoDBConstants.CUSTOM_CREDENTIALS_PROVIDER_CONF); if (!Strings.isNullOrEmpty(providerClass)) { try { providersList.add( (AWSCredentialsProvider) ReflectionUtils.newInstance(Class.forName(providerClass), conf) ); } catch (ClassNotFoundException e) { throw new RuntimeException("Custom AWSCredentialsProvider not found: " + providerClass, e); } } // try to fetch credentials from core-site String accessKey = conf.get(DYNAMODB_CREDENTIAL_PAIR_NAME.getAccessKeyName()); String secretKey; if (Strings.isNullOrEmpty(accessKey)) { accessKey = conf.get(DEFAULT_CREDENTIAL_PAIR_NAME.getAccessKeyName()); secretKey = conf.get(DEFAULT_CREDENTIAL_PAIR_NAME.getSecretKeyName()); } else { secretKey = conf.get(DYNAMODB_CREDENTIAL_PAIR_NAME.getSecretKeyName()); } if (Strings.isNullOrEmpty(accessKey) || Strings.isNullOrEmpty(secretKey)) { providersList.add(new InstanceProfileCredentialsProvider()); } else { final AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey); providersList.add(new AWSCredentialsProvider() { @Override public AWSCredentials getCredentials() { return credentials; } @Override public void refresh() { } }); } AWSCredentialsProvider[] providerArray = providersList.toArray( new AWSCredentialsProvider[providersList.size()] ); AWSCredentialsProviderChain providerChain = new AWSCredentialsProviderChain(providerArray); providerChain.setReuseLastProvider(true); return providerChain; }
public CustomCredentialsProviderChain() { super(new ClasspathPropertiesFileCredentialsProvider(), new InstanceProfileCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new EnvironmentVariableCredentialsProvider(), new ProfileCredentialsProvider()); }
public IAMCredential() { this.iamCredProvider = new InstanceProfileCredentialsProvider(); }
public CustomCredentialsProviderChain() { super(new ClasspathPropertiesFileCredentialsProvider(), new InstanceProfileCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new EnvironmentVariableCredentialsProvider()); }
public CustomCredentialsProviderChain() { super(new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new ClasspathPropertiesFileCredentialsProvider(), new InstanceProfileCredentialsProvider()); }
