Add support for STS Regional Endpoint (#118)
menuetb authored and plazma-prizma committed Jul 7, 2023
1 parent 4e75798 commit ed0027f
Showing 1 changed file with 25 additions and 3 deletions.
Expand Up @@ -28,6 +28,8 @@
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.auth.WebIdentityTokenCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.retry.PredefinedBackoffStrategies;
import com.amazonaws.retry.v2.AndRetryCondition;
import com.amazonaws.retry.v2.MaxNumberOfRetriesCondition;
Expand Down Expand Up @@ -267,6 +269,22 @@ public int getMaxBackOffTimeMs() {
.orElse(DEFAULT_MAX_BACK_OFF_TIME_MS);
}

public EndpointConfiguration buildEndpointConfiguration(String stsRegion){
//An AWSSecurityTokenService with a regional endpoint configuration
EndpointConfiguration endpointConfiguration =
new AwsClientBuilder.EndpointConfiguration(
String.format("sts.%s.amazonaws.com", stsRegion),
stsRegion);
//An AWSSecurityTokenService with a global endpoint configuration
if (stsRegion.equals("aws-global")) {
endpointConfiguration =
new EndpointConfiguration(
"sts.amazonaws.com",
stsRegion);
}
return endpointConfiguration;
}

private Optional<EnhancedProfileCredentialsProvider> getProfileProvider() {
return Optional.ofNullable(optionsMap.get(AWS_PROFILE_NAME_KEY)).map(p -> {
if (log.isDebugEnabled()) {
Expand Down Expand Up @@ -311,8 +329,9 @@ else if (externalId != null) {

STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String roleArn,
String sessionName, String stsRegion) {
EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withRegion(stsRegion)
.withEndpointConfiguration(endpointConfiguration)
.build();
return new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, sessionName)
.withStsClient(stsClient)
Expand All @@ -322,8 +341,9 @@ STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String r
STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String roleArn,
String sessionName, String stsRegion,
AWSCredentialsProvider credentials) {
EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withRegion(stsRegion)
.withEndpointConfiguration(endpointConfiguration)
.withCredentials(credentials)
.build();

Expand All @@ -336,8 +356,10 @@ STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String r
String externalId,
String sessionName,
String stsRegion) {

EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withRegion(stsRegion)
.withEndpointConfiguration(endpointConfiguration)
.build();

return new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, sessionName)
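Review bot: buildEndpointConfiguration turns the configured region string straight into a hostname via `String.format("sts.%s.amazonaws.com", stsRegion)` with no validation, and the client built from it is the one that sends signed AssumeRole requests and receives the temporary credentials, so a malformed or unexpected region value silently becomes an unintended STS endpoint instead of a configuration error. It also hard-codes the `amazonaws.com` suffix, which does not hold for the aws-cn partition (its STS endpoints end in `amazonaws.com.cn`), and `stsRegion.equals("aws-global")` throws NullPointerException on a null region while a null would otherwise produce `sts.null.amazonaws.com`. Consider rejecting bad input up front, e.g. `Objects.requireNonNull(stsRegion, "stsRegion");` followed by `if (!stsRegion.matches("[a-z0-9-]+")) throw new IllegalArgumentException("invalid STS region: " + stsRegion);`, or derive the host from the SDK's region metadata (`RegionUtils.getRegion(stsRegion).getServiceEndpoint("sts")`) so partitions are handled for you. A short Javadoc should state that the method assumes the standard AWS partition and that the literal `aws-global` selects the legacy global endpoint, since the method is public. The three createSTSRoleCredentialProvider overloads repeat identical client construction and their bodies continue outside their hunks, so a single private helper would keep the endpoint logic in one place.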