Setting AWS Credentials: Difference between revisions
(→Java) |
(→Java) |
||
Line 43: | Line 43: | ||
5. '''Instance profile credentials''' on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.html InstanceProfileCredentialsProvider] for that. | 5. '''Instance profile credentials''' on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.html InstanceProfileCredentialsProvider] for that. | ||
===Explicit Credentials=== |
Revision as of 06:41, 30 November 2018
External
- https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-file-format
- https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html
Internal
Procedure
Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: Amazon AWS API Access Keys.
Command Line
Access keys can be specified on command line every time an ec2 command is issued, with:
-aws-access-key or -O --aws-secret-key or -W
Environment Variables
Access keys can be specified by setting the following environment variables:
export AWS_ACCESS_KEY=your-aws-access-key-id export AWS_SECRET_KEY=your-aws-secret-key
Java
The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by DefaultCredentialProvider. Credentials are looked up in order:
1. Java system properties ('aws.accessKeyId' adn 'aws.secretAccessKey'). The SDK uses SystemPropertyCredentialsProvider to load these credentials.
2. Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). The SDK uses EnvironmentVariableCredentialsProvider for that.
3. The default credential profile file (~/.aws/credentials). The SDK uses ProfileCredentialsProvider for that.
[default] aws_access_key_id=... aws_secret_access_key=...
4. Amazon ECS container credentials. These are loaded from the Amazon ECS if the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. The SDK uses CredentialsProvider for that.
5. Instance profile credentials on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses InstanceProfileCredentialsProvider for that.