Java 如何配置spring应用程序在AWS上使用IAM角色(在AWS ECS内运行)和在dev env上使用凭据?
如何配置spring boot应用程序以使用IAM角色?下面的代码是否足够?还是我完全错了Java 如何配置spring应用程序在AWS上使用IAM角色(在AWS ECS内运行)和在dev env上使用凭据?,java,amazon-web-services,aws-sdk,amazon-iam,Java,Amazon Web Services,Aws Sdk,Amazon Iam,如何配置spring boot应用程序以使用IAM角色?下面的代码是否足够?还是我完全错了 @Bean public AmazonS3 amazonS3Client() { return AmazonS3ClientBuilder.standard() .withCredentials(new AWSCredentialsProviderChain(InstanceProfileCredentialsProvider.getInstance(), new Pro
@Bean
public AmazonS3 amazonS3Client() {
return AmazonS3ClientBuilder.standard()
.withCredentials(new AWSCredentialsProviderChain(InstanceProfileCredentialsProvider.getInstance(), new ProfileCredentialsProvider()))
.build();
}
使用stsasumerole来实现这一点
@Value("${my.aws.assumeRoleARN:}")
private String assumeRoleARN;
@Bean
@Primary
public AWSCredentialsProvider awsCredentialsProvider() {
log.info("Assuming role {}",assumeRoleARN);
if (StringUtils.isNotEmpty(assumeRoleARN)) {
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withClientConfiguration(clientConfiguration())
.withCredentials(awsCredentialsProvider)
.build();
return new STSAssumeRoleSessionCredentialsProvider
.Builder(assumeRoleARN, "role")
.withStsClient(stsClient)
.build();
}
return awsCredentialsProvider;
}
@Bean
@ConfigurationProperties(prefix = "aws.configuration")
public ClientConfiguration clientConfiguration() {
return new ClientConfiguration();
}
@Bean
@Primary
public AmazonS3 amazonS3() {
return AmazonS3ClientBuilder.standard().
withCredentials(awsCredentialsProvider()).
withClientConfiguration(clientConfiguration()).
build();
}
我做了如下操作,工作正常,不要使用InstanceProfileCredentialsProvider.getInstance(),因为它不适用于我
@Bean
public AmazonS3 getS3Client() {
return AmazonS3ClientBuilder.standard()
.withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
.withRegion(Regions.AP_SOUTHEAST_1).build();
}
根据我的经验,您通常可以使用预配置的链。。文档在这方面可能有点混乱。你有一些预配置链的例子吗?添加你的语言标签,我们会看到我们可以记录什么。请告诉我们你是如何创建awsCredentialsProvider的,你在创建AWSSecurityTokenService bean@ram时通过了它。你可以只做@Autowired private awsCredentialsProviderawsCredentialsProvider。它们将是一个默认的AWSCredentialsProviderbean,已经由SpringCloudThank@Ram创建。我使用了InstanceProfileCredentialsProvider,它工作得非常好。