com.amazonaws.auth

Class STSAssumeRoleSessionCredentialsProvider

java.lang.Object

com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider

All Implemented Interfaces:

AWSCredentialsProvider

public class STSAssumeRoleSessionCredentialsProvider
extends java.lang.Object
implements AWSCredentialsProvider

AWSCredentialsProvider implementation that uses the AWS Security Token Service to assume a Role and create temporary, short-lived sessions to use for authentication.

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_DURATION_SECONDS Default duration for started sessions.

Constructor Summary

Constructors

Constructor and Description
STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, java.lang.String roleArn, java.lang.String roleSessionName) Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), usess the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, java.lang.String roleArn, java.lang.String roleSessionName, ClientConfiguration clientConfiguration) Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, java.lang.String roleArn, java.lang.String roleSessionName) Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, java.lang.String roleArn, java.lang.String roleSessionName, ClientConfiguration clientConfiguration) Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
STSAssumeRoleSessionCredentialsProvider(java.lang.String roleArn, java.lang.String roleSessionName) Constructs a new STSAssumeRoleSessionCredentialsProvider, which makes a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Method Summary

Modifier and Type	Method and Description
AWSCredentials	getCredentials() Returns AWSCredentials which the caller can use to authorize an AWS request.
void	refresh() Forces this credentials provider to refresh its credentials.
void	setSTSClientEndpoint(java.lang.String endpoint) Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved from.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_DURATION_SECONDS

public static final int DEFAULT_DURATION_SECONDS

Default duration for started sessions.

See Also:

Constant Field Values

Constructor Detail

STSAssumeRoleSessionCredentialsProvider

public STSAssumeRoleSessionCredentialsProvider(java.lang.String roleArn,
                                               java.lang.String roleSessionName)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which makes a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:

roleArn - The ARN of the Role to be assumed.

roleSessionName - An identifier for the assumed role session.

STSAssumeRoleSessionCredentialsProvider

public STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials,
                                               java.lang.String roleArn,
                                               java.lang.String roleSessionName)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:

longLivedCredentials - The main AWS credentials for a user's account.

roleArn - The ARN of the Role to be assumed.

roleSessionName - An identifier for the assumed role session.

STSAssumeRoleSessionCredentialsProvider

public STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials,
                                               java.lang.String roleArn,
                                               java.lang.String roleSessionName,
                                               ClientConfiguration clientConfiguration)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:

longLivedCredentials - The main AWS credentials for a user's account.

roleArn - The ARN of the Role to be assumed.

roleSessionName - An identifier for the assumed role session.

clientConfiguration - Client configuration connection parameters.

STSAssumeRoleSessionCredentialsProvider

public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider,
                                               java.lang.String roleArn,
                                               java.lang.String roleSessionName)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), usess the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:

longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.

roleArn - The ARN of the Role to be assumed.

roleSessionName - An identifier for the assumed role session.

STSAssumeRoleSessionCredentialsProvider

public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider,
                                               java.lang.String roleArn,
                                               java.lang.String roleSessionName,
                                               ClientConfiguration clientConfiguration)

Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.

Parameters:

longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.

roleArn - The ARN of the Role to be assumed.

roleSessionName - An identifier for the assumed role session.

clientConfiguration - Client configuration connection parameters.

Method Detail

setSTSClientEndpoint

public void setSTSClientEndpoint(java.lang.String endpoint)

Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved from.

The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com") works for all accounts that are not for China (Beijing) region or GovCloud. You only need to change the endpoint to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session credentials for services in China(Beijing) region or "sts.us-gov-west-1.amazonaws.com" for GovCloud.

Setting this invalidates existing session credentials.

getCredentials

public AWSCredentials getCredentials()

Description copied from interface: AWSCredentialsProvider

Returns AWSCredentials which the caller can use to authorize an AWS request. Each implementation of AWSCredentialsProvider can chose its own strategy for loading credentials. For example, an implementation might load credentials from an existing key management system, or load new credentials when credentials are rotated.

Specified by:

getCredentials in interface AWSCredentialsProvider

Returns:

AWSCredentials which the caller can use to authorize an AWS request.

refresh

public void refresh()

Description copied from interface: AWSCredentialsProvider

Forces this credentials provider to refresh its credentials. For many implementations of credentials provider, this method may simply be a no-op, such as any credentials provider implementation that vends static/non-changing credentials. For other implementations that vend different credentials through out their lifetime, this method should force the credentials provider to refresh its credentials.

Specified by:

refresh in interface AWSCredentialsProvider