Credentials referenced by the AWS SDK for Java by default

It is written with reference to aws-sdk-java 1.11.179.

By default, the AWS SDK for Java reads credentials from various locations. [JavaDoc for DefaultAWSCredentialsProviderChain]( If you look at java # L19-L38), it says quite a bit. Let's take a look at this and the implementation of each Provider to see what's going on.

The following are tried in sequence to take advantage of the first credential found.

  1. Environment variable [EnvironmentVariableCredentialsProvider]( --ʻAWS_ACCESS_KEY_ID and ʻAWS_SECRET_ACCESS_KEY environment variables (This is recommended because it is also used by SDKs other than Java) --ʻAWS_ACCESS_KEY and ʻAWS_SECRET_KEY environment variables --When using AWS STS ʻAWS_SESSION_TOKEN` environment variable
  2. Java System Properties [SystemPropertiesCredentialsProvider]( / --ʻAws.accessKeyId and ʻaws.secretKey system properties --When using AWS STS ʻaws.sessionToken` System Properties
  3. Profile Credentials Provider ( /profile/ --The default file is ~ / .aws / credentials --The location of the file can be specified with the ʻAWS_CREDENTIAL_PROFILES_FILEenvironment variable --The old~ / .aws / configis also read for the time being --Multiple authentication information can be described in the file. Thedefault profile is loaded by default --You can specify a profile with the ʻAWS_PROFILE environment variable or the ʻaws.profile` system property. --If the reload lock can be acquired, it will be reloaded once every 5 minutes. --Reload once every 10 minutes even if the reload lock cannot be acquired
  4. Credentials available inside the EC2 container [EC2ContainerCredentialsProviderWrapper]( /com/amazonaws/auth/ -IAM Roles for AWS ECS Tasks. ʻ The AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` environment variable is used. -EC2 Instance Profiles. InstanceProfileCredentialsProvider It is implemented in.

The defaults are sufficient in most cases, as you can make quite a few settings using environment variables and system properties. Creating your own Credentials provider chain can be inflexible and painful. If environment variables and system properties aren't available and you really want to customize them, you can put DefaultAWSCredentialsProviderChain at the end of the chain.

Recommended Posts

Credentials referenced by the AWS SDK for Java by default
AWS SDK for Java 1.11.x and 2.x
[AWS SDK for Java] Set a retry policy on the S3 client
[For beginners] About the JavaScript syntax explained by Java Gold
Traps brought about by the default implementation of the Java 8 interface
Try Spark Submit to EMR using AWS SDK for Java
Exceptions encountered in the AWS SDK
Encrypt data uploaded to S3 using AWS SDK for Java / SSE-KMS
Get a list of S3 files with ListObjectsV2Request (AWS SDK for Java)
Change the default timezone for the rails app
About the procedure for java to work
Java Programming Style Guide for the Java 11 Era
Learning for the first time java [Introduction]
The story received by Java SE11 silver
Test post (SHA-256 mining for blockchain by Java)
9 strongest sites for learning Java by self study
ChatWork4j for using the ChatWork API in Java
AWS SDK for Ruby profile change & assume role
Walls hit by Rspec for the first time
What is the volatile modifier for Java variables?
[Java] (for MacOS) How to set the classpath
[Java] Judgment by entering characters in the terminal
Use Java external library for the time being
Run Dataflow, Java, streaming for the time being
[Java] The word passing by reference is bad!
I wrote a test code (Junit & mockit) for the code that calls the AWS API (Java)