All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper Maven / Gradle / Ivy

There is a newer version: 2.0.0
Show newest version
/*
 * Copyright 2011-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *    http://aws.amazon.com/apache2.0
 *
 * This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
 * OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and
 * limitations under the License.
 */
package com.amazonaws.auth;

import static com.amazonaws.auth.ContainerCredentialsProvider.CONTAINER_CREDENTIALS_FULL_URI;
import static com.amazonaws.auth.ContainerCredentialsProvider.ECS_CONTAINER_CREDENTIALS_PATH;

import com.amazonaws.auth.ContainerCredentialsProvider.ECSCredentialsEndpointProvider;
import com.amazonaws.auth.ContainerCredentialsProvider.FullUriCredentialsEndpointProvider;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * 

* {@link AWSCredentialsProvider} that loads credentials from an Amazon Container (e.g. EC2) * * Credentials are solved in the following order: *

    *
  1. * If environment variable "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" is * set (typically on EC2) it is used to hit the metadata service at the following endpoint: http://169.254.170.2 *
  2. *
  3. * If environment variable "AWS_CONTAINER_CREDENTIALS_FULL_URI" is * set it is used to hit a metadata service at that URI.
    Optionally an authorization token can be included * in the "Authorization" header of the request by setting the "AWS_CONTAINER_AUTHORIZATION_TOKEN" environment variable. *
  4. *
  5. * If neither of the above environment variables are specified credentials are attempted to be loaded from Amazon EC2 * Instance Metadata Service using the {@link InstanceProfileCredentialsProvider}. *
  6. *
*/ public class EC2ContainerCredentialsProviderWrapper implements AWSCredentialsProvider { private static final Log LOG = LogFactory.getLog(EC2ContainerCredentialsProviderWrapper.class); private final AWSCredentialsProvider provider; public EC2ContainerCredentialsProviderWrapper() { provider = initializeProvider(); } private AWSCredentialsProvider initializeProvider() { try { if (System.getenv(ECS_CONTAINER_CREDENTIALS_PATH) != null) { return new ContainerCredentialsProvider(new ECSCredentialsEndpointProvider()); } if (System.getenv(CONTAINER_CREDENTIALS_FULL_URI) != null) { return new ContainerCredentialsProvider(new FullUriCredentialsEndpointProvider()); } return InstanceProfileCredentialsProvider.getInstance(); } catch (SecurityException securityException) { LOG.debug("Security manager did not allow access to the ECS credentials environment variable " + ECS_CONTAINER_CREDENTIALS_PATH + "or the container full URI environment variable " + CONTAINER_CREDENTIALS_FULL_URI + ". Please provide access to this environment variable if you want to load credentials from ECS Container."); return InstanceProfileCredentialsProvider.getInstance(); } } @Override public AWSCredentials getCredentials() { return provider.getCredentials(); } @Override public void refresh() { provider.refresh(); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy