Example 31 with AssumeRoleRequest

Use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project knime-cloud by knime.

The class AmazonCredentialHelper, method getCredential.

/**
 * @param connectionInformation CloudConnectionInformation to create credentials for
 * @return {@link AWSCredentials} for the given {@link CloudConnectionInformation}
 * @throws Exception if the credentials cannot be obtained
 */
public static AWSCredentials getCredential(final CloudConnectionInformation connectionInformation) throws Exception {
    final AWSSecurityTokenServiceClientBuilder builder = AWSSecurityTokenServiceClientBuilder.standard().withRegion(connectionInformation.getHost());
    // When the key chain is not used, pass explicit static credentials to the STS client builder.
    if (!connectionInformation.useKeyChain()) {
        AWSCredentials credentials;
        credentials = getCredentials(connectionInformation);
        builder.withCredentials(new AWSStaticCredentialsProvider(credentials));
    }
    final AWSSecurityTokenService stsClient = builder.build();
    // Request temporary credentials for the role, valid for 3600 seconds, under a fixed session name.
    final AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest().withRoleArn(buildARN(connectionInformation)).withDurationSeconds(3600).withRoleSessionName("KNIME_S3_Connection");
    final AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRoleRequest);
    // Wrap the returned access key, secret key and session token as session credentials.
    final BasicSessionCredentials credentials = new BasicSessionCredentials(assumeResult.getCredentials().getAccessKeyId(), assumeResult.getCredentials().getSecretAccessKey(), assumeResult.getCredentials().getSessionToken());
    return credentials;
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AWSStaticCredentialsProvider(com.amazonaws.auth.AWSStaticCredentialsProvider) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) AWSSecurityTokenServiceClientBuilder(com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials) AnonymousAWSCredentials(com.amazonaws.auth.AnonymousAWSCredentials) AWSCredentials(com.amazonaws.auth.AWSCredentials) AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService)

Example 32 with AssumeRoleRequest

Use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project aws-doc-sdk-examples by awsdocs.

The class MakingRequestsWithIAMTempCredentials, method main.

public static void main(String[] args) {
    String clientRegion = "*** Client region ***";
    String roleARN = "*** ARN for role to be assumed ***";
    String roleSessionName = "*** Role session name ***";
    String bucketName = "*** Bucket name ***";
    try {
        // Creating the STS client is part of your trusted code. It has
        // the security credentials you use to obtain temporary security credentials.
        AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new ProfileCredentialsProvider()).withRegion(clientRegion).build();
        // Obtain credentials for the IAM role. Note that you cannot assume the role of an AWS root account;
        // Amazon S3 will deny access. You must use credentials for an IAM user or an IAM role.
        AssumeRoleRequest roleRequest = new AssumeRoleRequest().withRoleArn(roleARN).withRoleSessionName(roleSessionName);
        AssumeRoleResult roleResponse = stsClient.assumeRole(roleRequest);
        Credentials sessionCredentials = roleResponse.getCredentials();
        // Create a BasicSessionCredentials object that contains the credentials you just retrieved.
        BasicSessionCredentials awsCredentials = new BasicSessionCredentials(sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken());
        // Provide temporary security credentials so that the Amazon S3 client
        // can send authenticated requests to Amazon S3. You create the client
        // using the sessionCredentials object.
        AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).withRegion(clientRegion).build();
        // Verify that assuming the role worked and the permissions are set correctly
        // by getting a set of object keys from the bucket.
        ObjectListing objects = s3Client.listObjects(bucketName);
        System.out.println("No. of Objects: " + objects.getObjectSummaries().size());
    } catch (AmazonServiceException e) {
        // The call was transmitted successfully, but Amazon S3 couldn't process
        // it, so it returned an error response.
        e.printStackTrace();
    } catch (SdkClientException e) {
        // Amazon S3 couldn't be contacted for a response, or the client
        // couldn't parse the response from Amazon S3.
        e.printStackTrace();
    }
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AmazonS3(com.amazonaws.services.s3.AmazonS3) AWSStaticCredentialsProvider(com.amazonaws.auth.AWSStaticCredentialsProvider) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) SdkClientException(com.amazonaws.SdkClientException) AmazonServiceException(com.amazonaws.AmazonServiceException) ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider) ObjectListing(com.amazonaws.services.s3.model.ObjectListing) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService) Credentials(com.amazonaws.services.securitytoken.model.Credentials)

Example 33 with AssumeRoleRequest

Use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project athenz by yahoo.

The class ZTSClient, method getAssumeRoleRequest.

AssumeRoleRequest getAssumeRoleRequest(String account, String roleName) {
    // assume the target role to get the credentials for the client
    // aws format is arn:aws:iam::<account-id>:role/<role-name>
    final String arn = "arn:aws:iam::" + account + ":role/" + roleName;
    AssumeRoleRequest req = new AssumeRoleRequest();
    req.setRoleArn(arn);
    req.setRoleSessionName(roleName);
    return req;
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) DERIA5String(org.bouncycastle.asn1.DERIA5String)

Example 34 with AssumeRoleRequest

Use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project athenz by yahoo.

The class CloudStore, method assumeAWSRole.

public AWSTemporaryCredentials assumeAWSRole(String account, String roleName, String principal) {
    if (!awsEnabled) {
        throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR, "AWS Support not enabled");
    }
    AssumeRoleRequest req = getAssumeRoleRequest(account, roleName, principal);
    AWSTemporaryCredentials tempCreds = null;
    try {
        AWSSecurityTokenServiceClient client = getTokenServiceClient();
        AssumeRoleResult res = client.assumeRole(req);
        Credentials awsCreds = res.getCredentials();
        tempCreds = new AWSTemporaryCredentials().setAccessKeyId(awsCreds.getAccessKeyId()).setSecretAccessKey(awsCreds.getSecretAccessKey()).setSessionToken(awsCreds.getSessionToken()).setExpiration(Timestamp.fromMillis(awsCreds.getExpiration().getTime()));
    } catch (Exception ex) {
        LOGGER.error("CloudStore: assumeAWSRole - unable to assume role: " + ex.getMessage());
        return null;
    }
    return tempCreds;
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AWSSecurityTokenServiceClient(com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient) ResourceException(com.yahoo.athenz.zts.ResourceException) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AWSTemporaryCredentials(com.yahoo.athenz.zts.AWSTemporaryCredentials) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Credentials(com.amazonaws.services.securitytoken.model.Credentials) TimeoutException(java.util.concurrent.TimeoutException) ExecutionException(java.util.concurrent.ExecutionException)

Example 35 with AssumeRoleRequest

Use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project ice by Netflix.

The class AwsUtils, method getAssumedCredentials.

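/**
 * Get assumed IAM credentials.
 * @param accountId AWS account ID that owns the role
 * @param assumeRole name of the role to assume
 * @param externalId external ID, set on the request only when non-empty
 * @return assumed IAM credentials
 */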
public static Credentials getAssumedCredentials(String accountId, String assumeRole, String externalId) {
    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest().withRoleArn("arn:aws:iam::" + accountId + ":role/" + assumeRole).withRoleSessionName(assumeRole.substring(0, Math.min(assumeRole.length(), 32)));
    if (!StringUtils.isEmpty(externalId))
        assumeRoleRequest.setExternalId(externalId);
    AssumeRoleResult roleResult = securityClient.assumeRole(assumeRoleRequest);
    return roleResult.getCredentials();
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult)
