No need to setup S3 credentials (AccessKey and SecretKey) when an IAM role is properly assigned (with required priviledges) to an instance needing access to that S3.
We need to replace the AnonymousCredentialsProvider with the DefaulCredentialsProvider in our S3 COG plugin which, based on AWS SDK documentation looks for credentials in this order:
AWS credentials provider chain that looks for credentials in this order:
Java System Properties - aws.accessKeyId and aws.secretAccessKey
Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
Web Identity Token credentials from system properties or environment variables
Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable,
Instance profile credentials delivered through the Amazon EC2 metadata service
No need to setup S3 credentials (AccessKey and SecretKey) when an IAM role is properly assigned (with required priviledges) to an instance needing access to that S3.
We need to replace the AnonymousCredentialsProvider with the DefaulCredentialsProvider in our S3 COG plugin which, based on AWS SDK documentation looks for credentials in this order:
AWS credentials provider chain that looks for credentials in this order: Java System Properties - aws.accessKeyId and aws.secretAccessKey Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY Web Identity Token credentials from system properties or environment variables Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable, Instance profile credentials delivered through the Amazon EC2 metadata service