Class STSAssumeRoleSessionCredentialsProvider

    • Field Detail

      • DEFAULT_DURATION_SECONDS

        public static final int DEFAULT_DURATION_SECONDS
        Default duration for started sessions.
        See Also:
        Constant Field Values
    • Constructor Detail

      • STSAssumeRoleSessionCredentialsProvider

        public STSAssumeRoleSessionCredentialsProvider​(String roleArn,
                                                       String roleSessionName)
        Constructs a new STSAssumeRoleSessionCredentialsProvider, which makes a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
        Parameters:
        roleArn - The ARN of the Role to be assumed.
        roleSessionName - An identifier for the assumed role session.
      • STSAssumeRoleSessionCredentialsProvider

        public STSAssumeRoleSessionCredentialsProvider​(AWSCredentials longLivedCredentials,
                                                       String roleArn,
                                                       String roleSessionName)
        Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
        Parameters:
        longLivedCredentials - The main AWS credentials for a user's account.
        roleArn - The ARN of the Role to be assumed.
        roleSessionName - An identifier for the assumed role session.
      • STSAssumeRoleSessionCredentialsProvider

        public STSAssumeRoleSessionCredentialsProvider​(AWSCredentials longLivedCredentials,
                                                       String roleArn,
                                                       String roleSessionName,
                                                       ClientConfiguration clientConfiguration)
        Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
        Parameters:
        longLivedCredentials - The main AWS credentials for a user's account.
        roleArn - The ARN of the Role to be assumed.
        roleSessionName - An identifier for the assumed role session.
        clientConfiguration - Client configuration connection parameters.
      • STSAssumeRoleSessionCredentialsProvider

        public STSAssumeRoleSessionCredentialsProvider​(AWSCredentialsProvider longLivedCredentialsProvider,
                                                       String roleArn,
                                                       String roleSessionName)
        Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), usess the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
        Parameters:
        longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.
        roleArn - The ARN of the Role to be assumed.
        roleSessionName - An identifier for the assumed role session.
      • STSAssumeRoleSessionCredentialsProvider

        public STSAssumeRoleSessionCredentialsProvider​(AWSCredentialsProvider longLivedCredentialsProvider,
                                                       String roleArn,
                                                       String roleSessionName,
                                                       ClientConfiguration clientConfiguration)
        Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
        Parameters:
        longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.
        roleArn - The ARN of the Role to be assumed.
        roleSessionName - An identifier for the assumed role session.
        clientConfiguration - Client configuration connection parameters.
    • Method Detail

      • setSTSClientEndpoint

        @Deprecated
        public void setSTSClientEndpoint​(String endpoint)
        Deprecated.
        This method may be removed in a future major version. Create multiple providers if you need to work with multiple STS endpoints.
        Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved from.

        The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com") works for all accounts that are not for China (Beijing) region or GovCloud. You only need to change the endpoint to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session credentials for services in China(Beijing) region or "sts.us-gov-west-1.amazonaws.com" for GovCloud.

        Setting this invalidates existing session credentials.
      • getCredentials

        public AWSSessionCredentials getCredentials()
        Description copied from interface: AWSCredentialsProvider
        Returns AWSCredentials which the caller can use to authorize an AWS request. Each implementation of AWSCredentialsProvider can chose its own strategy for loading credentials. For example, an implementation might load credentials from an existing key management system, or load new credentials when credentials are rotated.
        Specified by:
        getCredentials in interface AWSCredentialsProvider
        Specified by:
        getCredentials in interface AWSSessionCredentialsProvider
        Returns:
        AWSCredentials which the caller can use to authorize an AWS request.
      • refresh

        public void refresh()
        Description copied from interface: AWSCredentialsProvider
        Forces this credentials provider to refresh its credentials. For many implementations of credentials provider, this method may simply be a no-op, such as any credentials provider implementation that vends static/non-changing credentials. For other implementations that vend different credentials through out their lifetime, this method should force the credentials provider to refresh its credentials.
        Specified by:
        refresh in interface AWSCredentialsProvider