Example 16 with BasicSessionCredentials

Use of com.amazonaws.auth.BasicSessionCredentials in project aws-doc-sdk-examples by awsdocs.

From the class MakingRequestsWithFederatedTempCredentials, method main.

public static void main(String[] args) throws IOException {
    Regions clientRegion = Regions.DEFAULT_REGION;
    String bucketName = "*** Specify bucket name ***";
    String federatedUser = "*** Federated user name ***";
    String resourceARN = "arn:aws:s3:::" + bucketName;
    try {
        AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new ProfileCredentialsProvider()).withRegion(clientRegion).build();
        GetFederationTokenRequest getFederationTokenRequest = new GetFederationTokenRequest();
        getFederationTokenRequest.setDurationSeconds(7200);
        getFederationTokenRequest.setName(federatedUser);
        // Define the policy and add it to the request.
        Policy policy = new Policy();
        policy.withStatements(new Statement(Effect.Allow).withActions(S3Actions.ListObjects).withResources(new Resource(resourceARN)));
        getFederationTokenRequest.setPolicy(policy.toJson());
        // Get the temporary security credentials.
        GetFederationTokenResult federationTokenResult = stsClient.getFederationToken(getFederationTokenRequest);
        Credentials sessionCredentials = federationTokenResult.getCredentials();
        // Package the session credentials as a BasicSessionCredentials
        // object for an Amazon S3 client object to use.
        BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken());
        AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials)).withRegion(clientRegion).build();
        // To verify that the client works, send a listObjects request using
        // the temporary security credentials.
        ObjectListing objects = s3Client.listObjects(bucketName);
        System.out.println("No. of Objects = " + objects.getObjectSummaries().size());
    } catch (AmazonServiceException e) {
        // The call was transmitted successfully, but Amazon S3 couldn't process
        // it, so it returned an error response.
        e.printStackTrace();
    } catch (SdkClientException e) {
        // Amazon S3 couldn't be contacted for a response, or the client
        // couldn't parse the response from Amazon S3.
        e.printStackTrace();
    }
}
Also used : Policy(com.amazonaws.auth.policy.Policy) AmazonS3(com.amazonaws.services.s3.AmazonS3) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Statement(com.amazonaws.auth.policy.Statement) GetFederationTokenRequest(com.amazonaws.services.securitytoken.model.GetFederationTokenRequest) Resource(com.amazonaws.auth.policy.Resource) ObjectListing(com.amazonaws.services.s3.model.ObjectListing) Regions(com.amazonaws.regions.Regions) AWSStaticCredentialsProvider(com.amazonaws.auth.AWSStaticCredentialsProvider) SdkClientException(com.amazonaws.SdkClientException) GetFederationTokenResult(com.amazonaws.services.securitytoken.model.GetFederationTokenResult) AmazonServiceException(com.amazonaws.AmazonServiceException) ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider) AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService) Credentials(com.amazonaws.services.securitytoken.model.Credentials)

Example 17 with BasicSessionCredentials

Use of com.amazonaws.auth.BasicSessionCredentials in project aws-doc-sdk-examples by awsdocs.

From the class MakingRequestsWithIAMTempCredentials, method main.

public static void main(String[] args) {
    String clientRegion = "*** Client region ***";
    String roleARN = "*** ARN for role to be assumed ***";
    String roleSessionName = "*** Role session name ***";
    String bucketName = "*** Bucket name ***";
    try {
        // Creating the STS client is part of your trusted code. It has
        // the security credentials you use to obtain temporary security credentials.
        AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new ProfileCredentialsProvider()).withRegion(clientRegion).build();
        // Obtain credentials for the IAM role. Note that you cannot assume the role of an AWS root account;
        // Amazon S3 will deny access. You must use credentials for an IAM user or an IAM role.
        AssumeRoleRequest roleRequest = new AssumeRoleRequest().withRoleArn(roleARN).withRoleSessionName(roleSessionName);
        AssumeRoleResult roleResponse = stsClient.assumeRole(roleRequest);
        Credentials sessionCredentials = roleResponse.getCredentials();
        // Create a BasicSessionCredentials object that contains the credentials you just retrieved.
        BasicSessionCredentials awsCredentials = new BasicSessionCredentials(sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken());
        // Provide temporary security credentials so that the Amazon S3 client
        // can send authenticated requests to Amazon S3. You create the client
        // using the awsCredentials object.
        AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).withRegion(clientRegion).build();
        // Verify that assuming the role worked and the permissions are set correctly
        // by getting a set of object keys from the bucket.
        ObjectListing objects = s3Client.listObjects(bucketName);
        System.out.println("No. of Objects: " + objects.getObjectSummaries().size());
    } catch (AmazonServiceException e) {
        // The call was transmitted successfully, but Amazon S3 couldn't process
        // it, so it returned an error response.
        e.printStackTrace();
    } catch (SdkClientException e) {
        // Amazon S3 couldn't be contacted for a response, or the client
        // couldn't parse the response from Amazon S3.
        e.printStackTrace();
    }
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AmazonS3(com.amazonaws.services.s3.AmazonS3) AWSStaticCredentialsProvider(com.amazonaws.auth.AWSStaticCredentialsProvider) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) SdkClientException(com.amazonaws.SdkClientException) AmazonServiceException(com.amazonaws.AmazonServiceException) ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider) ObjectListing(com.amazonaws.services.s3.model.ObjectListing) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService) Credentials(com.amazonaws.services.securitytoken.model.Credentials)

Example 18 with BasicSessionCredentials

Use of com.amazonaws.auth.BasicSessionCredentials in project stocator by SparkTC.

From the class COSAPIClient, method initiate.

@Override
public void initiate(String scheme) throws IOException, ConfigurationParseException {
    mCachedSparkOriginated = new ConcurrentHashMap<String, Boolean>();
    mCachedSparkJobsStatus = new HashMap<String, Boolean>();
    schemaProvided = scheme;
    Properties props = ConfigurationHandler.initialize(filesystemURI, conf, scheme);
    // Set bucket name property
    int cacheSize = conf.getInt(CACHE_SIZE, GUAVA_CACHE_SIZE_DEFAULT);
    memoryCache = MemoryCache.getInstance(cacheSize);
    mBucket = props.getProperty(COS_BUCKET_PROPERTY);
    workingDir = new Path("/user", System.getProperty("user.name")).makeQualified(filesystemURI, getWorkingDirectory());
    LOG.trace("Working directory set to {}", workingDir);
    fModeAutomaticDelete = "true".equals(conf.get(FS_STOCATOR_FMODE_DATA_CLEANUP, FS_STOCATOR_FMODE_DATA_CLEANUP_DEFAULT));
    mIsV2Signer = "true".equals(props.getProperty(V2_SIGNER_TYPE_COS_PROPERTY, "false"));
    // Define COS client
    String accessKey = props.getProperty(ACCESS_KEY_COS_PROPERTY);
    String secretKey = props.getProperty(SECRET_KEY_COS_PROPERTY);
    String sessionToken = props.getProperty(SESSION_TOKEN_COS_PROPERTY);
    if (accessKey == null) {
        throw new ConfigurationParseException("Access KEY is empty. Please provide valid access key");
    }
    if (secretKey == null) {
        throw new ConfigurationParseException("Secret KEY is empty. Please provide valid secret key");
    }
    AWSCredentials creds;
    if (sessionToken == null) {
        creds = new BasicAWSCredentials(accessKey, secretKey);
    } else {
        creds = new BasicSessionCredentials(accessKey, secretKey, sessionToken);
    }
    ClientConfiguration clientConf = new ClientConfiguration();
    int maxThreads = Utils.getInt(conf, FS_COS, FS_ALT_KEYS, MAX_THREADS, DEFAULT_MAX_THREADS);
    if (maxThreads < 2) {
        LOG.warn(MAX_THREADS + " must be at least 2: forcing to 2.");
        maxThreads = 2;
    }
    int totalTasks = Utils.getInt(conf, FS_COS, FS_ALT_KEYS, MAX_TOTAL_TASKS, DEFAULT_MAX_TOTAL_TASKS);
    long keepAliveTime = Utils.getLong(conf, FS_COS, FS_ALT_KEYS, KEEPALIVE_TIME, DEFAULT_KEEPALIVE_TIME);
    threadPoolExecutor = BlockingThreadPoolExecutorService.newInstance(maxThreads, maxThreads + totalTasks, keepAliveTime, TimeUnit.SECONDS, "s3a-transfer-shared");
    unboundedThreadPool = new ThreadPoolExecutor(maxThreads, Integer.MAX_VALUE, keepAliveTime, TimeUnit.SECONDS, new LinkedBlockingQueue<Runnable>(), BlockingThreadPoolExecutorService.newDaemonThreadFactory("s3a-transfer-unbounded"));
    boolean secureConnections = Utils.getBoolean(conf, FS_COS, FS_ALT_KEYS, SECURE_CONNECTIONS, DEFAULT_SECURE_CONNECTIONS);
    clientConf.setProtocol(secureConnections ? Protocol.HTTPS : Protocol.HTTP);
    String proxyHost = Utils.getTrimmed(conf, FS_COS, FS_ALT_KEYS, PROXY_HOST, "");
    int proxyPort = Utils.getInt(conf, FS_COS, FS_ALT_KEYS, PROXY_PORT, -1);
    if (!proxyHost.isEmpty()) {
        clientConf.setProxyHost(proxyHost);
        if (proxyPort >= 0) {
            clientConf.setProxyPort(proxyPort);
        } else {
            if (secureConnections) {
                LOG.warn("Proxy host set without port. Using HTTPS default 443");
                clientConf.setProxyPort(443);
            } else {
                LOG.warn("Proxy host set without port. Using HTTP default 80");
                clientConf.setProxyPort(80);
            }
        }
        String proxyUsername = Utils.getTrimmed(conf, FS_COS, FS_ALT_KEYS, PROXY_USERNAME);
        String proxyPassword = Utils.getTrimmed(conf, FS_COS, FS_ALT_KEYS, PROXY_PASSWORD);
        if ((proxyUsername == null) != (proxyPassword == null)) {
            String msg = "Proxy error: " + PROXY_USERNAME + " or " + PROXY_PASSWORD + " set without the other.";
            LOG.error(msg);
            throw new IllegalArgumentException(msg);
        }
        clientConf.setProxyUsername(proxyUsername);
        clientConf.setProxyPassword(proxyPassword);
        clientConf.setProxyDomain(Utils.getTrimmed(conf, FS_COS, FS_ALT_KEYS, PROXY_DOMAIN));
        clientConf.setProxyWorkstation(Utils.getTrimmed(conf, FS_COS, FS_ALT_KEYS, PROXY_WORKSTATION));
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using proxy server {}:{} as user {} on " + "domain {} as workstation {}", clientConf.getProxyHost(), clientConf.getProxyPort(), String.valueOf(clientConf.getProxyUsername()), clientConf.getProxyDomain(), clientConf.getProxyWorkstation());
        }
    } else if (proxyPort >= 0) {
        String msg = "Proxy error: " + PROXY_PORT + " set without " + PROXY_HOST;
        LOG.error(msg);
        throw new IllegalArgumentException(msg);
    }
    initConnectionSettings(conf, clientConf);
    if (mIsV2Signer) {
        clientConf.withSignerOverride("S3SignerType");
    }
    mClient = new AmazonS3Client(creds, clientConf);
    final String serviceUrl = props.getProperty(ENDPOINT_URL_COS_PROPERTY);
    if (serviceUrl != null && !serviceUrl.equals(amazonDefaultEndpoint)) {
        mClient.setEndpoint(serviceUrl);
    }
    mClient.setS3ClientOptions(S3ClientOptions.builder().setPathStyleAccess(true).build());
    // Set block size property
    String mBlockSizeString = props.getProperty(BLOCK_SIZE_COS_PROPERTY, "128");
    mBlockSize = Long.valueOf(mBlockSizeString).longValue() * 1024 * 1024L;
    bufferDirectory = Utils.getTrimmed(conf, FS_COS, FS_ALT_KEYS, BUFFER_DIR);
    bufferDirectoryKey = Utils.getConfigKey(conf, FS_COS, FS_ALT_KEYS, BUFFER_DIR);
    LOG.trace("Buffer directory is set to {} for the key {}", bufferDirectory, bufferDirectoryKey);
    boolean autoCreateBucket = "true".equalsIgnoreCase((props.getProperty(AUTO_BUCKET_CREATE_COS_PROPERTY, "false")));
    partSize = Utils.getLong(conf, FS_COS, FS_ALT_KEYS, MULTIPART_SIZE, DEFAULT_MULTIPART_SIZE);
    multiPartThreshold = Utils.getLong(conf, FS_COS, FS_ALT_KEYS, MIN_MULTIPART_THRESHOLD, DEFAULT_MIN_MULTIPART_THRESHOLD);
    readAhead = Utils.getLong(conf, FS_COS, FS_ALT_KEYS, READAHEAD_RANGE, DEFAULT_READAHEAD_RANGE);
    LOG.debug(READAHEAD_RANGE + ":" + readAhead);
    inputPolicy = COSInputPolicy.getPolicy(Utils.getTrimmed(conf, FS_COS, FS_ALT_KEYS, INPUT_FADVISE, INPUT_FADV_NORMAL));
    initTransferManager();
    maxKeys = Utils.getInt(conf, FS_COS, FS_ALT_KEYS, MAX_PAGING_KEYS, DEFAULT_MAX_PAGING_KEYS);
    flatListingFlag = Utils.getBoolean(conf, FS_COS, FS_ALT_KEYS, FLAT_LISTING, DEFAULT_FLAT_LISTING);
    if (autoCreateBucket) {
        try {
            boolean bucketExist = mClient.doesBucketExist(mBucket);
            if (bucketExist) {
                LOG.trace("Bucket {} exists", mBucket);
            } else {
                LOG.trace("Bucket {} doesn`t exists and autocreate", mBucket);
                String mRegion = props.getProperty(REGION_COS_PROPERTY);
                if (mRegion == null) {
                    mClient.createBucket(mBucket);
                } else {
                    LOG.trace("Creating bucket {} in region {}", mBucket, mRegion);
                    mClient.createBucket(mBucket, mRegion);
                }
            }
        } catch (AmazonServiceException ase) {
            /*
             * We ignore the BucketAlreadyExists exception since multiple processes or threads
             * might try to create the bucket in parallel; therefore it is expected that
             * some will fail to create the bucket.
             */
            // Constant-first comparison: getErrorCode() can be null.
            if (!"BucketAlreadyExists".equals(ase.getErrorCode())) {
                LOG.error(ase.getMessage());
                throw (ase);
            }
        } catch (Exception e) {
            LOG.error(e.getMessage());
            throw (e);
        }
    }
    initMultipartUploads(conf);
    enableMultiObjectsDelete = Utils.getBoolean(conf, FS_COS, FS_ALT_KEYS, ENABLE_MULTI_DELETE, true);
    blockUploadEnabled = Utils.getBoolean(conf, FS_COS, FS_ALT_KEYS, FAST_UPLOAD, DEFAULT_FAST_UPLOAD);
    if (blockUploadEnabled) {
        blockOutputBuffer = Utils.getTrimmed(conf, FS_COS, FS_ALT_KEYS, FAST_UPLOAD_BUFFER, DEFAULT_FAST_UPLOAD_BUFFER);
        partSize = COSUtils.ensureOutputParameterInRange(MULTIPART_SIZE, partSize);
        blockFactory = COSDataBlocks.createFactory(this, blockOutputBuffer);
        blockOutputActiveBlocks = Utils.getInt(conf, FS_COS, FS_ALT_KEYS, FAST_UPLOAD_ACTIVE_BLOCKS, DEFAULT_FAST_UPLOAD_ACTIVE_BLOCKS);
        LOG.debug("Using COSBlockOutputStream with buffer = {}; block={};" + " queue limit={}", blockOutputBuffer, partSize, blockOutputActiveBlocks);
    } else {
        LOG.debug("Using COSOutputStream");
    }
    atomicWriteEnabled = Utils.getBoolean(conf, FS_COS, FS_ALT_KEYS, ATOMIC_WRITE, DEFAULT_ATOMIC_WRITE);
}
Also used : StocatorPath(com.ibm.stocator.fs.common.StocatorPath) Path(org.apache.hadoop.fs.Path) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) ConfigurationParseException(com.ibm.stocator.fs.common.exception.ConfigurationParseException) Properties(java.util.Properties) LinkedBlockingQueue(java.util.concurrent.LinkedBlockingQueue) AWSCredentials(com.amazonaws.auth.AWSCredentials) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials) AmazonServiceException(com.amazonaws.AmazonServiceException) AmazonClientException(com.amazonaws.AmazonClientException) InterruptedIOException(java.io.InterruptedIOException) AmazonS3Exception(com.amazonaws.services.s3.model.AmazonS3Exception) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) COSUtils.translateException(com.ibm.stocator.fs.cos.COSUtils.translateException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AmazonS3Client(com.amazonaws.services.s3.AmazonS3Client) ThreadPoolExecutor(java.util.concurrent.ThreadPoolExecutor) ClientConfiguration(com.amazonaws.ClientConfiguration)

Example 19 with BasicSessionCredentials

Use of com.amazonaws.auth.BasicSessionCredentials in project athenz by yahoo.

From the class CloudStoreTest, method testGetTokenServiceClient.

@Test
public void testGetTokenServiceClient() {
    CloudStore store = new CloudStore();
    store.credentials = new BasicSessionCredentials("accessKey", "secretKey", "token");
    store.awsEnabled = true;
    store.awsRegion = "us-west-2";
    assertNotNull(store.getTokenServiceClient());
    store.close();
}
Also used : BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Test(org.testng.annotations.Test)

Example 20 with BasicSessionCredentials

Use of com.amazonaws.auth.BasicSessionCredentials in project Gatekeeper by FINRAOS.

From the class AwsSessionService, method getSsmSession.

public AWSSimpleSystemsManagementClient getSsmSession(AWSEnvironment environment) {
    BasicSessionCredentials creds = credentialCache.getUnchecked(environment);
    AWSSimpleSystemsManagementClient ssm = awsSessionFactory.createSsmSession(creds);
    ssm.setRegion(Region.getRegion(Regions.fromName(environment.getRegion())));
    return ssm;
}
Also used : BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) AWSSimpleSystemsManagementClient(com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClient)

Aggregations

BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials) 28
AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider) 9
BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials) 8
Credentials (com.amazonaws.services.securitytoken.model.Credentials) 6
AWSCredentials (com.amazonaws.auth.AWSCredentials) 5
AWSCredentialsProvider (com.amazonaws.auth.AWSCredentialsProvider) 5
AmazonS3Client (com.amazonaws.services.s3.AmazonS3Client) 5
Test (org.junit.Test) 5
AssumeRoleRequest (com.amazonaws.services.securitytoken.model.AssumeRoleRequest) 4
AssumeRoleResult (com.amazonaws.services.securitytoken.model.AssumeRoleResult) 4
AmazonServiceException (com.amazonaws.AmazonServiceException) 3
ClientConfiguration (com.amazonaws.ClientConfiguration) 3
SdkClientException (com.amazonaws.SdkClientException) 3
AmazonS3 (com.amazonaws.services.s3.AmazonS3) 3
AmazonClientException (com.amazonaws.AmazonClientException) 2
ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider) 2
ObjectListing (com.amazonaws.services.s3.model.ObjectListing) 2
AWSSecurityTokenService (com.amazonaws.services.securitytoken.AWSSecurityTokenService) 2
IOException (java.io.IOException) 2
AWSCredentialsProviderChain (com.amazonaws.auth.AWSCredentialsProviderChain) 1