While debugging and developing with the AWS SDK, you’ll find that sometimes you just need to use real credentials on a box that lives outside of EC2. Inside EC2 you should always get your credentials from Instance Metadata, though. Never use this pattern inside EC2!
Also, make sure you never commit your credentials. That can be an expensive mistake when they show up on GitHub and people snag them to use them for Bitcoin mining.
NOTE: These snippets include @Inject and @Assisted annotations used by Guice. If you’re not using Guice, remove those and the related imports.
Anyway, if you want to use static IAM user credentials you can use a credentials provider like this:
```java
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;

/**
 * Created by timmattison on 9/2/14.
 */
public class TempNonStsCredentialsProvider implements AWSCredentialsProvider {
    private final String awsAccessKeyId;
    private final String awsSecretKey;

    @Inject
    public TempNonStsCredentialsProvider(@Assisted("awsAccessKeyId") String awsAccessKeyId,
                                         @Assisted("awsSecretKey") String awsSecretKey) {
        this.awsAccessKeyId = awsAccessKeyId;
        this.awsSecretKey = awsSecretKey;
    }

    @Override
    public AWSCredentials getCredentials() {
        // Wrap the static IAM user key pair in the interface the SDK expects
        return new AWSCredentials() {
            @Override
            public String getAWSAccessKeyId() {
                return awsAccessKeyId;
            }

            @Override
            public String getAWSSecretKey() {
                return awsSecretKey;
            }
        };
    }

    @Override
    public void refresh() {
        // Do nothing
    }
}
```
Pass in your credentials and you’re good to go. If you’re using STS it requires a little bit more work. Use this instead:
```java
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.google.inject.assistedinject.Assisted;

import javax.inject.Inject;

/**
 * Created by timmattison on 9/2/14.
 */
public class TempStsCredentialsProvider implements AWSCredentialsProvider {
    private final String awsAccessKeyId;
    private final String awsSecretAccessKey;
    private final String awsSessionToken;

    @Inject
    public TempStsCredentialsProvider(@Assisted("awsAccessKeyId") String awsAccessKeyId,
                                      @Assisted("awsSecretAccessKey") String awsSecretAccessKey,
                                      @Assisted("awsSessionToken") String awsSessionToken) {
        this.awsAccessKeyId = awsAccessKeyId;
        this.awsSecretAccessKey = awsSecretAccessKey;
        this.awsSessionToken = awsSessionToken;
    }

    @Override
    public AWSCredentials getCredentials() {
        // Rebuild the STS credentials object from the three values passed in
        Credentials sessionCredentials = new Credentials();
        sessionCredentials.setAccessKeyId(awsAccessKeyId);
        sessionCredentials.setSecretAccessKey(awsSecretAccessKey);
        sessionCredentials.setSessionToken(awsSessionToken);

        // Session credentials carry the token alongside the key pair
        BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
                sessionCredentials.getAccessKeyId(),
                sessionCredentials.getSecretAccessKey(),
                sessionCredentials.getSessionToken());

        return basicSessionCredentials;
    }

    @Override
    public void refresh() {
        // Do nothing
    }
}
```
Now you just need to pass in the extra session token parameter and then you can use this to provide credentials to your AWS calls.
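One way to feed these providers without ever typing a key into source code, as an added example that is not part of the original post: it reads the standard `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` environment variables and picks the matching provider. The class name `DebugCredentialsProviders` and the key ID prefix check are assumptions of this example, and it constructs the two classes above directly rather than through Guice.

```java
import com.amazonaws.auth.AWSCredentialsProvider;

import java.util.Map;

/** Added example: selects one of the two providers above from the environment. */
public class DebugCredentialsProviders {
    // Standard variable names, also read by the AWS CLI and SDKs.
    static final String KEY_ID = "AWS_ACCESS_KEY_ID";
    static final String SECRET = "AWS_SECRET_ACCESS_KEY";
    static final String TOKEN = "AWS_SESSION_TOKEN";

    public static AWSCredentialsProvider fromEnvironment(Map<String, String> env) {
        String keyId = require(env, KEY_ID);
        String secret = require(env, SECRET);
        String token = env.get(TOKEN);
        boolean hasToken = token != null && !token.isEmpty();

        // Temporary STS key IDs start with "ASIA", long-term IAM user keys with "AKIA".
        // A mismatch means the variables come from two different credential sets.
        if (keyId.startsWith("ASIA") && !hasToken) {
            throw new IllegalStateException(KEY_ID + " is a temporary key but " + TOKEN + " is not set");
        }
        if (keyId.startsWith("AKIA") && hasToken) {
            throw new IllegalStateException(TOKEN + " is set but " + KEY_ID + " is a long-term key");
        }
        if (hasToken) {
            return new TempStsCredentialsProvider(keyId, secret, token);
        }
        return new TempNonStsCredentialsProvider(keyId, secret);
    }

    private static String require(Map<String, String> env, String name) {
        String value = env.get(name);
        if (value == null || value.isEmpty()) {
            // Name the variable only; never echo credential values into logs.
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        AWSCredentialsProvider provider = fromEnvironment(System.getenv());
        // Print only the key ID, which is an identifier rather than a secret.
        System.out.println("Using " + provider.getClass().getSimpleName()
                + " for " + provider.getCredentials().getAWSAccessKeyId());
    }
}
```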