Package com.amazonaws.auth
Class STSAssumeRoleSessionCredentialsProvider
java.lang.Object
com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider
- All Implemented Interfaces: AWSCredentialsProvider, AWSSessionCredentialsProvider
@ThreadSafe
public class STSAssumeRoleSessionCredentialsProvider
extends Object
implements AWSSessionCredentialsProvider
AWSCredentialsProvider implementation that uses the AWS Security Token Service to assume a Role
and create temporary, short-lived sessions to use for authentication.

Nested Class Summary
- static final class
  Provides a builder pattern to avoid combinatorial explosion of the number of parameters that are passed to constructors.

Field Summary
- static final int DEFAULT_DURATION_SECONDS
  Default duration for started sessions.

Constructor Summary
- STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, String roleArn, String roleSessionName)
  Constructs a new STSAssumeRoleSessionCredentialsProvider that uses the specified credentials provider (which vends long-lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.
- STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, String roleArn, String roleSessionName, ClientConfiguration clientConfiguration)
  Constructs a new STSAssumeRoleSessionCredentialsProvider that uses the specified credentials provider (which vends long-lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.
- STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, String roleArn, String roleSessionName)
  Constructs a new STSAssumeRoleSessionCredentialsProvider that uses the specified long-lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.
- STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, String roleArn, String roleSessionName, ClientConfiguration clientConfiguration)
  Constructs a new STSAssumeRoleSessionCredentialsProvider that uses the specified long-lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.
- STSAssumeRoleSessionCredentialsProvider(String roleArn, String roleSessionName)
  Constructs a new STSAssumeRoleSessionCredentialsProvider that makes a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.

Method Summary
- getCredentials()
  Returns AWSCredentials which the caller can use to authorize an AWS request.
- void refresh()
  Forces this credentials provider to refresh its credentials.
- void setSTSClientEndpoint(String endpoint)
  Deprecated. This method may be removed in a future major version.

Field Details

DEFAULT_DURATION_SECONDS
public static final int DEFAULT_DURATION_SECONDS
Default duration for started sessions.

Constructor Details

STSAssumeRoleSessionCredentialsProvider
public STSAssumeRoleSessionCredentialsProvider(String roleArn, String roleSessionName)
Constructs a new STSAssumeRoleSessionCredentialsProvider that makes a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.
- Parameters:
  roleArn - The ARN of the Role to be assumed.
  roleSessionName - An identifier for the assumed role session.

STSAssumeRoleSessionCredentialsProvider
public STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, String roleArn, String roleSessionName)
Constructs a new STSAssumeRoleSessionCredentialsProvider that uses the specified long-lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.
- Parameters:
  longLivedCredentials - The main AWS credentials for a user's account.
  roleArn - The ARN of the Role to be assumed.
  roleSessionName - An identifier for the assumed role session.

STSAssumeRoleSessionCredentialsProvider
public STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, String roleArn, String roleSessionName, ClientConfiguration clientConfiguration)
Constructs a new STSAssumeRoleSessionCredentialsProvider that uses the specified long-lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.
- Parameters:
  longLivedCredentials - The main AWS credentials for a user's account.
  roleArn - The ARN of the Role to be assumed.
  roleSessionName - An identifier for the assumed role session.
  clientConfiguration - Client configuration connection parameters.

STSAssumeRoleSessionCredentialsProvider
public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, String roleArn, String roleSessionName)
Constructs a new STSAssumeRoleSessionCredentialsProvider that uses the specified credentials provider (which vends long-lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.
- Parameters:
  longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.
  roleArn - The ARN of the Role to be assumed.
  roleSessionName - An identifier for the assumed role session.

STSAssumeRoleSessionCredentialsProvider
public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, String roleArn, String roleSessionName, ClientConfiguration clientConfiguration)
Constructs a new STSAssumeRoleSessionCredentialsProvider that uses the specified credentials provider (which vends long-lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role, and then requests short-lived session credentials, which are returned by this class's getCredentials() method.
- Parameters:
  longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.
  roleArn - The ARN of the Role to be assumed.
  roleSessionName - An identifier for the assumed role session.
  clientConfiguration - Client configuration connection parameters.

Method Details

setSTSClientEndpoint
Deprecated. This method may be removed in a future major version. Create multiple providers if you need to work with multiple STS endpoints.
Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved from. The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com") works for all accounts that are not for the China (Beijing) region or GovCloud. You only need to change the endpoint to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session credentials for services in the China (Beijing) region, or to "sts.us-gov-west-1.amazonaws.com" for GovCloud. Setting this invalidates existing session credentials.

getCredentials
Description copied from interface: AWSCredentialsProvider
Returns AWSCredentials which the caller can use to authorize an AWS request. Each implementation of AWSCredentialsProvider can choose its own strategy for loading credentials. For example, an implementation might load credentials from an existing key management system, or load new credentials when credentials are rotated.
- Specified by: getCredentials in interface AWSCredentialsProvider
- Specified by: getCredentials in interface AWSSessionCredentialsProvider
- Returns: AWSCredentials which the caller can use to authorize an AWS request.

refresh
public void refresh()
Description copied from interface: AWSCredentialsProvider
Forces this credentials provider to refresh its credentials. For many implementations of credentials provider, this method may simply be a no-op, such as any credentials provider implementation that vends static/non-changing credentials. For other implementations that vend different credentials throughout their lifetime, this method should force the credentials provider to refresh its credentials.
- Specified by: refresh in interface AWSCredentialsProvider
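
The deprecation note on setSTSClientEndpoint advises creating one provider per STS endpoint; the following is an added example of that pattern, not code from the SDK documentation. It assumes an SDK 1.x release whose nested Builder offers withStsClient and withRoleSessionDurationSeconds, and the role ARNs, account IDs and session names are placeholders.

```java
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;

import java.util.LinkedHashMap;
import java.util.Map;

public class PerEndpointRoleProviders {

    // Placeholder role ARNs (constructed for this example); substitute your own.
    private static final String COMMERCIAL_ROLE = "arn:aws:iam::111111111111:role/ExampleAuditRole";
    private static final String GOVCLOUD_ROLE = "arn:aws-us-gov:iam::222222222222:role/ExampleAuditRole";

    /** Builds a provider bound to one regional STS client instead of mutating a shared endpoint. */
    static STSAssumeRoleSessionCredentialsProvider providerFor(String region, String roleArn,
                                                               String sessionName) {
        // The STS client picks up long-lived credentials from the default provider chain.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(region)
                .build();
        return new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, sessionName)
                .withStsClient(sts)
                // Shortest session STS accepts; limits the exposure window of a leaked token.
                .withRoleSessionDurationSeconds(900)
                .build();
    }

    public static void main(String[] args) {
        // Distinct session names make each job attributable in CloudTrail.
        Map<String, STSAssumeRoleSessionCredentialsProvider> providers = new LinkedHashMap<>();
        providers.put("commercial", providerFor("us-east-1", COMMERCIAL_ROLE, "audit-job-commercial"));
        providers.put("govcloud", providerFor("us-gov-west-1", GOVCLOUD_ROLE, "audit-job-govcloud"));

        for (Map.Entry<String, STSAssumeRoleSessionCredentialsProvider> entry : providers.entrySet()) {
            AWSSessionCredentials creds = entry.getValue().getCredentials();
            // Log only the access key id; never write the secret key or session token to logs.
            System.out.printf("%s -> access key id %s%n", entry.getKey(), creds.getAWSAccessKeyId());
        }

        // Force new session credentials for one partition without touching the other provider.
        providers.get("commercial").refresh();
    }
}
```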