I’m working on a Spring Boot backend service where I need to access certain S3 buckets programmatically using IAM Roles Anywhere. I found the following documentation for RolesAnywhereClient in the AWS SDK for Java V2:
However, I’m unsure how to use it to create IAM Roles Anywhere sessions and authenticate to access S3.
I have all credentials needed for IAM roles anywhere: profile-arn, trust-anchor-arn, role-arn, certificate and private key. How to programmatically create IAM Roles Anywhere sessions with AWS SDK for Java V2 in a Spring Boot service to access S3 buckets?
2 Answers
I had the exact same requirements for Java + Spring Boot!
⚠️ One may make some tweaks to make it non-Spring-Boot based ⚠️
I had created a blog post relating to almost the same problem/integration. Link here
The example code is on GitHub here
The main part is that I created a new credential provider that extends the AWS SDK's credential provider and internally binds to a RestClient which calls the Roles Anywhere /sessions endpoint.
🎉 Bonus Part 🎉 The code refreshes the AWS credentials just before expiry of the previous set of credentials. This action is configurable based on a simple boolean flag.
This approach does not require creating a customization around the build package to mandate the inclusion of the AWS signing helper.
Additionally, with some tweaks this can be made reusable for non Spring based projects too.
Happy to assist further
Example configuration:
Example application properties, strictly coupled with AwsRolesAnywhereProperties
As a quick way to create a session and get temporary creds, you can leverage the credential helper tool.
After you get all the pieces assembled locally and you get the helper tool working from the command line to return temp creds, you can add the command to the ~/.aws/config file:
Then in Java:
Or use a ProcessCredentialsProvider if you want to do it all in code:
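The ProcessCredentialsProvider approach described in the answer above, as an added example that is not the answerer's original code. It assumes aws_signing_helper is installed, Unix-style paths without spaces, and environment variable names (RA_HELPER, RA_CERT, RA_KEY, RA_TRUST_ANCHOR_ARN, RA_PROFILE_ARN, RA_ROLE_ARN, RA_REGION, RA_BUCKET) that are hypothetical and chosen only for this sketch.

```java
import java.util.regex.Pattern;
import software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;

public class RolesAnywhereS3Example {
    // The String form of command() is handed to a shell (sh -c / cmd.exe /C),
    // so only plain path and ARN characters are allowed into the command line.
    private static final Pattern SAFE_ARG = Pattern.compile("[A-Za-z0-9_./:=+,@-]+");

    static String safe(String label, String value) {
        if (value == null || !SAFE_ARG.matcher(value).matches()) {
            throw new IllegalArgumentException("Unsafe or missing value for " + label);
        }
        return value;
    }

    // Builds the credential-process invocation of aws_signing_helper.
    // Only the key's file path is passed; the key material never enters the JVM.
    static String buildCommand(String helper, String cert, String key,
                               String trustAnchorArn, String profileArn, String roleArn) {
        return String.join(" ",
                safe("helper path", helper), "credential-process",
                "--certificate", safe("certificate path", cert),
                "--private-key", safe("private key path", key),
                "--trust-anchor-arn", safe("trust anchor ARN", trustAnchorArn),
                "--profile-arn", safe("profile ARN", profileArn),
                "--role-arn", safe("role ARN", roleArn));
    }

    public static void main(String[] args) {
        // Hypothetical environment variable names (assumptions of this example).
        String command = buildCommand(
                System.getenv("RA_HELPER"), System.getenv("RA_CERT"), System.getenv("RA_KEY"),
                System.getenv("RA_TRUST_ANCHOR_ARN"), System.getenv("RA_PROFILE_ARN"),
                System.getenv("RA_ROLE_ARN"));

        ProcessCredentialsProvider provider =
                ProcessCredentialsProvider.builder().command(command).build();

        try (S3Client s3 = S3Client.builder()
                .region(Region.of(safe("region", System.getenv("RA_REGION"))))
                .credentialsProvider(provider)
                .build()) {
            // List a few keys to confirm the temporary credentials work.
            s3.listObjectsV2(r -> r.bucket(System.getenv("RA_BUCKET")).maxKeys(5))
              .contents().forEach(o -> System.out.println(o.key()));
        }
    }
}
```

In a Spring Boot service the provider and the S3Client would typically be exposed as beans instead of being built in main.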