aws / rolesanywhere-credential-helper

Apache License 2.0

Using the library inside my java code #48

Open itziklavon opened 1 year ago

itziklavon commented 1 year ago

Hi, I would like to embed the library inside my Java code. Is there any port for it? With Golang I managed to do this by just implementing the functions which the CMD calls directly from my code. Can it be done with Java?

Thanks!

13ajay commented 1 year ago

In Golang, you should be able to take a dependency on this package as opposed to having to copy and paste function definitions, but maybe I'm misunderstanding what you're doing. You can find an example here.

In Java, you could try reimplementing methods that you would like to leverage in your code base. Or if it's acceptable, you could potentially defer CreateSession calls to the aws_signing_helper executable. In your Java code, you could invoke the aws_signing_helper executable, providing the command line that you want to run and setting arguments appropriately. And you can read the executable output that is written to standard output.

There are definitely other approaches as well - it depends on what's acceptable for your use case.
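The approach of invoking the executable and reading its standard output, sketched as an added example (not part of the thread and not the project's code). The class name, the argument order of `main` and the sample JSON are assumptions of this example; it needs Java 16 or later, and with no arguments it parses a constructed sample instead of running the helper.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SigningHelperCredentials {
    record Creds(String accessKeyId, String secretAccessKey, String sessionToken, Instant expiration) {}

    // Constructed sample of the credential_process JSON shape; all values are fake.
    static final String SAMPLE = "{\"Version\":1,\"AccessKeyId\":\"ASIAEXAMPLEEXAMPLE00\","
        + "\"SecretAccessKey\":\"constructed-secret\",\"SessionToken\":\"constructed-token\","
        + "\"Expiration\":\"2030-01-01T00:00:00Z\"}";

    // Extracts one string field from the flat JSON object (assumes no nesting or escaped quotes).
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        if (!m.find()) throw new IllegalStateException("helper output is missing " + name);
        return m.group(1);
    }

    static Creds parse(String json) {
        Creds c = new Creds(field(json, "AccessKeyId"), field(json, "SecretAccessKey"),
                field(json, "SessionToken"), Instant.parse(field(json, "Expiration")));
        if (!c.expiration().isAfter(Instant.now())) throw new IllegalStateException("credentials already expired");
        return c;
    }

    // Runs the helper from an argument list: no shell is involved, so paths and ARNs are
    // passed as single arguments and never re-parsed as a command line.
    static String runHelper(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectError(ProcessBuilder.Redirect.INHERIT).start();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        int code = p.waitFor();
        if (code != 0) throw new IOException("aws_signing_helper exited with status " + code);
        return out;
    }

    // args (order is this example's assumption): helper path, trust anchor ARN, profile ARN,
    // role ARN, certificate path, private key path. With fewer args, the constructed sample is parsed.
    public static void main(String[] a) throws Exception {
        String json = a.length < 6 ? SAMPLE : runHelper(List.of(a[0], "credential-process",
                "--trust-anchor-arn", a[1], "--profile-arn", a[2], "--role-arn", a[3],
                "--certificate", a[4], "--private-key", a[5]));
        Creds c = parse(json);
        // Print only non-secret fields; the secret key and session token stay out of logs.
        System.out.println("key " + c.accessKeyId() + " valid until " + c.expiration());
    }
}
```

The returned credentials are temporary, so a caller would re-run the helper before `expiration` rather than cache them indefinitely.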

jake6532 commented 1 year ago

Another option: You can also set the location of a shared AWS config file by using the "AWS_CONFIG_FILE" environment variable and set the credential process up in the config file under the default profile to use the aws_signing_helper. The Java/.NET AWS SDKs support looking at that environment variable for the location of the AWS config file and work with the AWS credential process. This allows for minimal changes to your applications and keeps the IAMRA configuration in the AWS config file's credential process. You could also use the default config file, which is typically located in the user's directory, but if you want to keep that location static across all of your servers, you can use that environment variable to override the location.

Example:

```
[default]
region = us-east-2
output = json
credential_process = C:\aws\aws_signing_helper credential-process --trust-anchor-arn {TRUSTANCHORARN} --profile-arn {PROFILEARN} --role-arn {ROLEARN} --certificate {CERT} --private-key {CERTKEY} --endpoint {IAMRA VPC ENDPOINT}
```