search

aws / aws-sdk-java

The official AWS SDK for Java 1.x (In Maintenance Mode, End-of-Life on 12/31/2025). The AWS SDK for Java 2.x is available here: https://github.com/aws/aws-sdk-java-v2/
https://aws.amazon.com/sdkforjava
Apache License 2.0
4.13k stars 2.83k forks source link

Possible fix for aws profile assumeRole from ec2InstanceRole issues: #3038

Closed gss2002 closed 4 months ago

gss2002 commented 1 year ago

Possible fix for aws profile assumeRole from ec2InstanceRole issues:

https://github.com/aws/aws-sdk-java/issues/1521 https://github.com/aws/aws-sdk-java/issues/1713

Issue #, if available:

1521 and #1713

Description of changes: This code change is a possible solution to resolve using AWS Profile files not correctly utilizing credential_source such as Ec2InstanceMetadata and being forced to only utilize AccessKey/Secret. I have tested with AWS's official version of the Redshift JDBC Driver and it does work and solve the problem of not being able to utilize credential_source. I was able to successfully test with AWS's Redshift JDBC Driver using Ec2InstanceMetadata and utilized assumeRole operation to use a different role both in the local account and in a cross account methodology.

Example of what did not work with aws-java-sdk v1 before this fix.

[default] credential_source=Ec2InstanceMetadata region=us-east-1 output=json

[redshift_iam] role_arn=arn:aws:iam::xxxxxxxxxxxx:role/xxxx-data-dev-idmc-poc region=us-east-1 source_profile=default output=json

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

debora-ito commented 4 months ago

@gss2002 We appreciate your time and effort submitting the PR but we don't have plans to support credential_source in v1, see my comment in #1521.