Amazon Web Services: AWS S3 authorization using the STS Java SDK
I have an application instance running in EKS with the following variables set:
declare -x AWS_DEFAULT_REGION="us-west-2"
declare -x AWS_REGION="us-west-2"
declare -x AWS_ROLE_ARN="xxxxx"
declare -x AWS_WEB_IDENTITY_TOKEN_FILE="/var/run/secrets/eks.amazonaws.com/serviceaccount/token"
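As far as I know, there is a default Java SDK authorization chain that includes com.amazonaws.auth.WebIdentityTokenCredentialsProvider, which builds a com.amazonaws.services.securitytoken.AWSSecurityTokenService under the hood.
But I don't understand how this circular dependency is resolved. I mean, you need to specify credentials when creating the AWSSecurityTokenService, but the credentials create the service themselves.
I have a practical need for this: I want to customize the endpoint in the STS client, but I can't because of the circular dependency.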
AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(new STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder(
"arn",
"session",
"tokenfile")
.withStsClient(xxxx)
.build())
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("http://localhost:4566", null))
.build()
This is easy. It simply uses anonymous authentication:
return AWSSecurityTokenServiceClientBuilder.standard()
.withClientConfiguration(clientConfiguration)
.withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()))
.build();
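The following is an added example, not part of the original question or answer, showing how the anonymous STS client from the answer lets the endpoint from the question be customized without a circular dependency. It assumes AWS SDK for Java v1 with the S3 and STS modules on the classpath; the class name, the session name and the `STS_ENDPOINT` variable are hypothetical.

```java
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.auth.STSAssumeRoleWithWebIdentitySessionCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;

public class WebIdentityS3Example {

    // Step 1: STS client built with anonymous credentials, so nothing has to exist
    // before it. AssumeRoleWithWebIdentity needs no AWS credentials: the web
    // identity token carried in the request is the proof of identity.
    static AWSSecurityTokenService stsClient(String endpoint, String region) {
        return AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()))
                .withEndpointConfiguration(new EndpointConfiguration(endpoint, region))
                .build();
    }

    // Step 2: provider that exchanges the service account token for temporary
    // role credentials through the STS client from step 1.
    static AWSCredentialsProvider roleCredentials(AWSSecurityTokenService sts) {
        return new STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder(
                System.getenv("AWS_ROLE_ARN"),
                "s3-example-session", // constructed session name
                System.getenv("AWS_WEB_IDENTITY_TOKEN_FILE"))
                .withStsClient(sts)
                .build();
    }

    public static void main(String[] args) {
        String region = System.getenv("AWS_REGION");
        // STS_ENDPOINT is a hypothetical override; the default is the regional endpoint.
        String override = System.getenv("STS_ENDPOINT");
        String endpoint = override != null ? override : "https://sts." + region + ".amazonaws.com";

        // Step 3: only the S3 client uses signed requests, with the role credentials.
        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withCredentials(roleCredentials(stsClient(endpoint, region)))
                .withRegion(region)
                .build();
        System.out.println("Buckets visible to the role: " + s3.listBuckets().size());
    }
}
```

The service account token is sent to whichever STS endpoint is configured, so an override such as the `http://localhost:4566` value in the question belongs only in a local test setup with a non-production token.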