search

aws / aws-sdk-java-v2

The official AWS SDK for Java - Version 2
Apache License 2.0
2.12k stars 802 forks source link

assumeRoleWithWebIdentity doesn't work from java API but does work from the cli interface #5294

Closed MathiasVE closed 1 week ago

MathiasVE commented 2 weeks ago

Describe the bug

Performing stsClient.assumeRoleWithWebIdentity results in software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from any of the providers in the chain.

Expected Behavior

I would expect to get the valid credentials. I tested with the same input parameters as the aws cli within the same GKE cluster environment and service account where I successfully receive the temporary credentials.

aws sts assume-role-with-web-identity --role-arn $ROLE_ARN --role-session-name $SUB --web-identity-token $TOKEN

output:

{
    "Credentials": {
        "AccessKeyId": "*************************",
        "SecretAccessKey": "*************************",
        "SessionToken": "*************************",
        "Expiration": "2024-06-13T19:20:16+00:00"
    },
    "SubjectFromWebIdentityToken": "*************************",
    "AssumedRoleUser": {
        "AssumedRoleId": "*************************",
        "Arn": "*************************"
    },
    "Provider": "accounts.google.com",
    "Audience": "*************************"
}

Current Behavior

2024-06-13T17:28:40.494167858Z org.springframework.context.ApplicationContextException: Unable to start web server
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:165) ~[spring-boot-3.2.6.jar!/:3.2.6]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:618) ~[spring-context-6.1.8.jar!/:6.1.8]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.2.6.jar!/:3.2.6]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:754) ~[spring-boot-3.2.6.jar!/:3.2.6]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:456) ~[spring-boot-3.2.6.jar!/:3.2.6]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:335) ~[spring-boot-3.2.6.jar!/:3.2.6]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1363) ~[spring-boot-3.2.6.jar!/:3.2.6]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1352) ~[spring-boot-3.2.6.jar!/:3.2.6]
    at com.itoaka.backend.BackendApplication.main(BackendApplication.java:17) ~[!/:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
    at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
    at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:91) ~[app.jar:na]
    at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:53) ~[app.jar:na]
    at org.springframework.boot.loader.launch.JarLauncher.main(JarLauncher.java:58) ~[app.jar:na]
    ...
Caused by: software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from any of the providers in the chain AwsCredentialsProviderChain(credentialsProviders=[SystemPropertyCredentialsProvider(), EnvironmentVariableCredentialsProvider(), WebIdentityTokenCredentialsProvider(), ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(sections=[])), ContainerCredentialsProvider(), InstanceProfileCredentialsProvider()]) : [SystemPropertyCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., EnvironmentVariableCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., WebIdentityTokenCredentialsProvider(): Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set., ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(sections=[])): Profile file contained no credentials for profile 'default': ProfileFile(sections=[]), ContainerCredentialsProvider(): Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set., InstanceProfileCredentialsProvider(): Failed to load credentials from IMDS.]
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:130) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]

2024-06-13T17:28:40.118153092Z software.amazon.awssdk.core.exception.SdkClientException: Failed to load credentials from IMDS.
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.exception.SdkClientException.create(SdkClientException.java:47) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.refreshCredentials(InstanceProfileCredentialsProvider.java:167) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$8(CachedSupplier.java:300) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:448) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:208) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:135) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.resolveCredentials(InstanceProfileCredentialsProvider.java:149) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60) ~[identity-spi-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]
Caused by: software.amazon.awssdk.core.exception.SdkClientException: The requested metadata is not found at http://169.254.169.254/latest/meta-data/iam/security-credentials/
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.regions.util.HttpResourcesUtils.readResource(HttpResourcesUtils.java:125) ~[regions-2.26.1.jar!/:na]
    at software.amazon.awssdk.regions.util.HttpResourcesUtils.readResource(HttpResourcesUtils.java:91) ~[regions-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.lambda$getSecurityCredentials$3(InstanceProfileCredentialsProvider.java:283) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.FunctionalUtils.lambda$safeSupplier$4(FunctionalUtils.java:108) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.FunctionalUtils.invokeSafely(FunctionalUtils.java:136) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.getSecurityCredentials(InstanceProfileCredentialsProvider.java:283) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.createEndpointProvider(InstanceProfileCredentialsProvider.java:212) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.refreshCredentials(InstanceProfileCredentialsProvider.java:158) ~[auth-2.26.1.jar!/:na]
    ... 174 common frames omitted

2024-06-13T17:28:40.110193553Z software.amazon.awssdk.core.exception.SdkClientException: Failed to load credentials from IMDS.
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.exception.SdkClientException.create(SdkClientException.java:47) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.refreshCredentials(InstanceProfileCredentialsProvider.java:167) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$8(CachedSupplier.java:300) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:448) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:208) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:135) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.resolveCredentials(InstanceProfileCredentialsProvider.java:149) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60) ~[identity-spi-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]
Caused by: software.amazon.awssdk.core.exception.SdkClientException: The requested metadata is not found at http://169.254.169.254/latest/meta-data/iam/security-credentials/
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.regions.util.HttpResourcesUtils.readResource(HttpResourcesUtils.java:125) ~[regions-2.26.1.jar!/:na]
    at software.amazon.awssdk.regions.util.HttpResourcesUtils.readResource(HttpResourcesUtils.java:91) ~[regions-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.lambda$getSecurityCredentials$3(InstanceProfileCredentialsProvider.java:283) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.FunctionalUtils.lambda$safeSupplier$4(FunctionalUtils.java:108) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.FunctionalUtils.invokeSafely(FunctionalUtils.java:136) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.getSecurityCredentials(InstanceProfileCredentialsProvider.java:283) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.createEndpointProvider(InstanceProfileCredentialsProvider.java:212) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.refreshCredentials(InstanceProfileCredentialsProvider.java:158) ~[auth-2.26.1.jar!/:na]
    ... 174 common frames omitted

2024-06-13T17:28:40.092551086Z software.amazon.awssdk.core.exception.SdkClientException: The requested metadata is not found at http://169.254.169.254/latest/api/token
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.regions.util.HttpResourcesUtils.readResource(HttpResourcesUtils.java:125) ~[regions-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.getToken(InstanceProfileCredentialsProvider.java:233) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.createEndpointProvider(InstanceProfileCredentialsProvider.java:211) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.refreshCredentials(InstanceProfileCredentialsProvider.java:158) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$8(CachedSupplier.java:300) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:448) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:208) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:135) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.resolveCredentials(InstanceProfileCredentialsProvider.java:149) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60) ~[identity-spi-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]

2024-06-13T17:28:40.055260902Z software.amazon.awssdk.core.exception.SdkClientException: Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set.
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider$ContainerCredentialsEndpointProvider.endpoint(ContainerCredentialsProvider.java:190) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.regions.util.HttpResourcesUtils.readResource(HttpResourcesUtils.java:112) ~[regions-2.26.1.jar!/:na]
    at software.amazon.awssdk.regions.util.HttpResourcesUtils.readResource(HttpResourcesUtils.java:91) ~[regions-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.HttpCredentialsLoader.loadCredentials(HttpCredentialsLoader.java:60) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider.refreshCredentials(ContainerCredentialsProvider.java:130) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$8(CachedSupplier.java:300) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:448) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:208) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:135) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider.resolveCredentials(ContainerCredentialsProvider.java:161) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60) ~[identity-spi-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]

2024-06-13T17:28:40.048Z DEBUG 1 --- [backend] [           main] s.a.a.a.c.AwsCredentialsProviderChain    : Unable to load credentials from ContainerCredentialsProvider(): Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set.,2024-06-13T17:28:40.055184710Z

2024-06-13T17:28:40.048338262Z software.amazon.awssdk.core.exception.SdkClientException: Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set.
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider$ContainerCredentialsEndpointProvider.endpoint(ContainerCredentialsProvider.java:190) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.regions.util.HttpResourcesUtils.readResource(HttpResourcesUtils.java:112) ~[regions-2.26.1.jar!/:na]
    at software.amazon.awssdk.regions.util.HttpResourcesUtils.readResource(HttpResourcesUtils.java:91) ~[regions-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.HttpCredentialsLoader.loadCredentials(HttpCredentialsLoader.java:60) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider.refreshCredentials(ContainerCredentialsProvider.java:130) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$8(CachedSupplier.java:300) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:448) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:208) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:135) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider.resolveCredentials(ContainerCredentialsProvider.java:161) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60) ~[identity-spi-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]

2024-06-13T17:28:40.032721958Z software.amazon.awssdk.core.exception.SdkClientException: Profile file contained no credentials for profile 'default': ProfileFile(sections=[])
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.lambda$createCredentialsProvider$2(ProfileCredentialsProvider.java:173) ~[auth-2.26.1.jar!/:na]
    at java.base/java.util.Optional.orElseThrow(Optional.java:403) ~[na:na]
    at software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.createCredentialsProvider(ProfileCredentialsProvider.java:170) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.handleProfileFileReload(ProfileCredentialsProvider.java:135) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.resolveCredentials(ProfileCredentialsProvider.java:126) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60) ~[identity-spi-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]

2024-06-13T17:28:40.019593392Z java.lang.IllegalStateException: Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set.
    at software.amazon.awssdk.utils.SystemSetting.lambda$getStringValueOrThrow$0(SystemSetting.java:95) ~[utils-2.26.1.jar!/:na]
    at java.base/java.util.Optional.orElseThrow(Optional.java:403) ~[na:na]
    at software.amazon.awssdk.utils.SystemSetting.getStringValueOrThrow(SystemSetting.java:93) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider.<init>(WebIdentityTokenFileCredentialsProvider.java:88) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider.<init>(WebIdentityTokenFileCredentialsProvider.java:51) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider$BuilderImpl.build(WebIdentityTokenFileCredentialsProvider.java:315) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.lambda$createChain$0(DefaultCredentialsProvider.java:98) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.utils.Lazy.getValue(Lazy.java:50) ~[utils-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]

2024-06-13T17:28:40.012Z DEBUG 1 --- [backend] [           main] s.a.a.a.c.AwsCredentialsProviderChain    : Unable to load credentials from WebIdentityTokenCredentialsProvider(): Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set.,2024-06-13T17:28:40.019514759Z

2024-06-13T17:28:40.013064071Z software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.SystemSettingsCredentialsProvider.resolveCredentials(SystemSettingsCredentialsProvider.java:60) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60) ~[identity-spi-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]

2024-06-13T17:28:39.994Z DEBUG 1 --- [backend] [           main] s.a.a.a.c.AwsCredentialsProviderChain    : Unable to load credentials from EnvironmentVariableCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).,2024-06-13T17:28:40.013005245Z

2024-06-13T17:28:39.995629294Z software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).
    at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.SystemSettingsCredentialsProvider.resolveCredentials(SystemSettingsCredentialsProvider.java:60) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60) ~[identity-spi-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54) ~[auth-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61) ~[sts-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
    at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) ~[sdk-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) ~[aws-core-2.26.1.jar!/:na]
    at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:767) ~[sts-2.26.1.jar!/:na]
    at com.itoaka.backend.security.KmsUtil.initProvidersMap(KmsUtil.java:68) ~[!/:na]

2024-06-13T17:28:39.932Z DEBUG 1 --- [backend] [           main] s.a.a.a.c.AwsCredentialsProviderChain    : Unable to load credentials from SystemPropertyCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).,2024-06-13T17:28:39.995551380Z

Reproduction Steps

Beneath is the code that is being used

try (StsClient stsClient = StsClient.builder()
            .region(Region.of('eu-north-1'))
            .build()) {
          AssumeRoleWithWebIdentityRequest request = AssumeRoleWithWebIdentityRequest.builder()
              .roleArn(roleArn)
              .roleSessionName(sub)
              .webIdentityToken(token)
              .build();
          AssumeRoleWithWebIdentityResponse response = stsClient.assumeRoleWithWebIdentity(request);
          String accessKey = response.credentials().accessKeyId();
          String secretAccessKey = response.credentials().secretAccessKey();
        }

I am following the example code below: https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javav2/example_code/sts/src/main/java/com/example/sts/AssumeRole.java

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

2.26.1

JDK version used

openjdk 17.0.11 2024-04-16 LTS

Operating System and version

bellsoft/liberica-runtime-container:jdk-17-glibc

MathiasVE commented 1 week ago

The problem has been resolved. I had to specify an anonymous credentials provider. Maybe I missed some documentation but this is not easy to find out from the api itself.

.credentialsProvider(AnonymousCredentialsProvider.create())
github-actions[bot] commented 1 week ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.