Amazon web services 使用STS JAVA SDK的AWS S3授权_Amazon Web Services_Amazon S3_Aws Sdk_Aws Sts_Aws Sdk Java

Amazon web services 使用STS JAVA SDK的AWS S3授权

amazon-web-services amazon-s3

Amazon web services 使用STS JAVA SDK的AWS S3授权,amazon-web-services,amazon-s3,aws-sdk,aws-sts,aws-sdk-java,Amazon Web Services,Amazon S3,Aws Sdk,Aws Sts,Aws Sdk Java,我有一个应用程序实例在EKS中运行，设置了以下变量： declare -x AWS_DEFAULT_REGION="us-west-2" declare -x AWS_REGION="us-west-2" declare -x AWS_ROLE_ARN="xxxxx" declare -x AWS_WEB_IDENTITY_TOKEN_FILE="/var/run/secrets/eks.amazonaws.com/servi

我有一个应用程序实例在EKS中运行，设置了以下变量：

declare -x AWS_DEFAULT_REGION="us-west-2"
declare -x AWS_REGION="us-west-2"
declare -x AWS_ROLE_ARN="xxxxx"
declare -x AWS_WEB_IDENTITY_TOKEN_FILE="/var/run/secrets/eks.amazonaws.com/serviceaccount/token"

据我所知，有一个默认的Java SDK授权链，包含

com.amazonaws.auth.WebIdentityTokenCredentialsProvider

，它在引擎盖下构建

com.amazonaws.services.securitytoken.AWSSecurityTokenService

但我不知道这个循环依赖是如何解决的？我的意思是，您需要在创建

AWSSecurityTokenService

期间指定凭据，但凭据会创建服务本身

我有这样做的实际需求，我想在sts客户机中定制端点，但由于循环依赖性，所以不能

AWSSecurityTokenServiceClientBuilder.standard()
        .withCredentials(new STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder(
                "arn",
                "session",
                "tokenfile")
                .withStsClient(xxxx)
                .build())
        .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("http://localhost:4566", null))
        .build()

这很容易。它只是通过匿名身份验证（）

        return AWSSecurityTokenServiceClientBuilder.standard()
                                                   .withClientConfiguration(clientConfiguration)
                                                   .withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()))
                                                   .build();