Setting AWS Credentials: Difference between revisions
Jump to navigation
Jump to search
(→Java) |
(→Java) |
||
| Line 28: | Line 28: | ||
==Java== | ==Java== | ||
The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/ | The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/DefaultCredentialsProvider.html DefaultCredentialProvider]. Credentials are looked up in order: | ||
# Java system properties: 'aws.accessKeyId' adn 'aws.secretAccessKey'. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/index.html?software/amazon/awssdk/auth/credentials/SystemPropertyCredentialsProvider.html SystemPropertyCredentialsProvider] to load these credentials. | # Java system properties: 'aws.accessKeyId' adn 'aws.secretAccessKey'. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/index.html?software/amazon/awssdk/auth/credentials/SystemPropertyCredentialsProvider.html SystemPropertyCredentialsProvider] to load these credentials. | ||
Revision as of 06:09, 30 November 2018
External
- https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-file-format
- https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html
Internal
Procedure
Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: Amazon AWS API Access Keys.
Command Line
Access keys can be specified on command line every time an ec2 command is issued, with:
-aws-access-key or -O --aws-secret-key or -W
Environment Variables
Access keys can be specified by setting the following environment variables:
export AWS_ACCESS_KEY=your-aws-access-key-id export AWS_SECRET_KEY=your-aws-secret-key
Java
The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by DefaultCredentialProvider. Credentials are looked up in order:
- Java system properties: 'aws.accessKeyId' adn 'aws.secretAccessKey'. The SDK uses SystemPropertyCredentialsProvider to load these credentials.
In case the Java process that is performing the call does not have access to the environment, the credentials may be specified in .aws/credentials:
[default] aws_access_key_id=... aws_secret_access_key=...
com.uplift.dev.cryptm.CryptoConverterTests > convertToDatabaseColumn_convertToEntityAttribute STANDARD_ERROR 30-Nov-2018 03:46:58 com.amazonaws.services.kms.model.AWSKMSException: User: arn:aws:sts::144446676909:assumed-role/IamBambooBuildRole/i-07683b7dde59c0696 is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:us-west-2:673499572719:key/0138371a-8054-4c96-9d1f-20a4db2c4ffd (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 49ba097c-506b-4387-a3a3-7bee0e2e9efd)