Amazon provides several credentials providers in their Java API that let you use IAM user credentials in various ways. The credentials can come from IMDS, environment variables, or a properties file, just to name a few.
If you’re developing and debugging and you need to use STS credentials, your options are a bit more limited. To help deal with this I came up with a few bits of code that, for me at least, make it significantly easier.
First, there’s an awscredentials.properties file format you need to follow that looks like this:
Replace the X, Y, and Z strings with your credentials and put them in your resources directory where the classloader can find them. DO NOT COMMIT THEM TO SOURCE CONTROL!
Next, there’s a method that loads these credentials into the system properties:
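```java
// Imports needed by the enclosing class
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

private static final String AWSCREDENTIALS_PROPERTIES = "awscredentials.properties";

void loadAwsCredentialsProperties() throws IOException {
    // try-with-resources closes the stream once the properties are loaded
    try (InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream(AWSCREDENTIALS_PROPERTIES)) {
        // Was there a properties file?
        if (inputStream == null) {
            // No, just return
            return;
        }

        // Use the existing system properties as defaults so they stay visible
        Properties properties = new Properties(System.getProperties());
        properties.load(inputStream);

        // set the system properties
        System.setProperties(properties);
    }
}
```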
```java
import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.util.StringUtils;

/**
 * Created by timmattison on 9/2/14.
 */
public class SystemPropertiesStsCredentialsProvider implements AWSCredentialsProvider {
    private static final String ACCESS_KEY_ID_SYSTEM_PROPERTY = "aws.accessKeyId";
    private static final String SECRET_ACCESS_KEY_SYSTEM_PROPERTY = "aws.secretAccessKey";
    private static final String SESSION_TOKEN_SYSTEM_PROPERTY = "aws.sessionToken";

    public AWSCredentials getCredentials() {
        // Get the access key ID
        String accessKeyId = StringUtils.trim(System.getProperty(ACCESS_KEY_ID_SYSTEM_PROPERTY));

        // Get the secret access key
        String secretAccessKey = StringUtils.trim(System.getProperty(SECRET_ACCESS_KEY_SYSTEM_PROPERTY));

        // Get the session token
        String sessionToken = StringUtils.trim(System.getProperty(SESSION_TOKEN_SYSTEM_PROPERTY));

        // Are we missing any of the necessary values?
        if (StringUtils.isNullOrEmpty(accessKeyId)
                || StringUtils.isNullOrEmpty(secretAccessKey)
                || StringUtils.isNullOrEmpty(sessionToken)) {
            // Yes, throw an exception like the Amazon code does
            throw new AmazonClientException(
                    "Unable to load AWS credentials from Java system "
                            + "properties (" + ACCESS_KEY_ID_SYSTEM_PROPERTY + ", "
                            + SECRET_ACCESS_KEY_SYSTEM_PROPERTY + ", and "
                            + SESSION_TOKEN_SYSTEM_PROPERTY + ")");
        }

        // Create the credentials
        Credentials sessionCredentials = new Credentials();
        sessionCredentials.setAccessKeyId(accessKeyId);
        sessionCredentials.setSecretAccessKey(secretAccessKey);
        sessionCredentials.setSessionToken(sessionToken);

        // Convert them to basic session credentials
        BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
                sessionCredentials.getAccessKeyId(),
                sessionCredentials.getSecretAccessKey(),
                sessionCredentials.getSessionToken());

        return basicSessionCredentials;
    }

    @Override
    public void refresh() {
        // Do nothing
    }
}
```
This should make things quite a bit easier if you don’t have access to a real IAM user and must use STS for your application.
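The warning above about keeping awscredentials.properties out of source control can be enforced with a git pre-commit hook. This is an added example, not part of the original post; the function name `check_staged_paths` and the hook wiring are assumptions, and the content check reads the working-tree copy of each staged path.

```shell
#!/bin/sh
# Added example (not from the original post): pre-commit check for the
# credentials file described above. Install as .git/hooks/pre-commit.

CRED_FILE="awscredentials.properties"   # file name used in the post

# Reads newline-separated paths on stdin; prints each path that is the
# credentials file or that assigns a non-empty value to one of the secret
# property keys read by the provider. Returns 1 if anything was printed.
check_staged_paths() {
    found=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ "${path##*/}" = "$CRED_FILE" ]; then
            echo "$path"; found=1; continue
        fi
        # Property files allow '=' or ':' separators and leading whitespace.
        if [ -f "$path" ] && grep -Eq \
            '^[[:space:]]*aws\.(secretAccessKey|sessionToken)[[:space:]]*[=:][[:space:]]*[^[:space:]]' \
            "$path"; then
            echo "$path"; found=1
        fi
    done
    return "$found"
}

# Only act as a hook when git invokes this file under the name "pre-commit".
if [ "${0##*/}" = "pre-commit" ]; then
    # Added, copied and modified files only; deletions are not checked.
    if ! flagged=$(git diff --cached --name-only --diff-filter=ACM | check_staged_paths); then
        echo "Refusing to commit files that hold AWS credentials:" >&2
        echo "$flagged" >&2
        exit 1
    fi
fi
```

Listing awscredentials.properties in .gitignore as well keeps it out of a broad `git add`, with the hook as the second check.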