The priority used when searching for credentials is not defined by the order providers are added to the list.
In some place, the order is lost since we are trying to use WebIdentityTokenCredentialsProvider but EC2ContainerCredentialsProvider is executing before. As we can see in the log, the order of provider execution is no the supposed:
`[DEBUG] Unable to load credentials from org.kuali.maven.wagon.auth.AuthenticationInfoCredentialsProvider@401516ad: The S3 wagon needs AWS Access Key set as the username and AWS Secret Key set as the password. eg:
[DEBUG] Unable to load credentials from EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY))
[DEBUG] Unable to load credentials from SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey)
[DEBUG] Unable to load credentials from com.amazonaws.auth.profile.ProfileCredentialsProvider@49f4792a: null
[DEBUG] Loading credentials from com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@7c1ae95
[DEBUG] Loading credentials from com.amazonaws.auth.DefaultAWSCredentialsProviderChain@4bd47b75`
And supposed order is:
// System properties always win
providers.add(new SystemPropertiesCredentialsProvider());
// Then fall through to environment variables
providers.add(new EnvironmentVariableCredentialsProvider());
// Then fall through to IAM roles for service accounts (IRSA)
providers.add(WebIdentityTokenCredentialsProvider.create());
// Then fall through to settings.xml
providers.add(new AuthenticationInfoCredentialsProvider(auth));
// Then fall thru to reading the ~/.aws/credentials files many people use.
providers.add(new ProfileCredentialsProvider());
// Then fall through to either Amazon's Amazon EC2 Container Service or EC2 Instance Metadata Service
// http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html
// This allows you setup an IAM role, attach that role to an EC2 Instance at launch time,
// and thus automatically provide the wagon with the credentials it needs
providers.add(new EC2ContainerCredentialsProviderWrapper());
The priority used when searching for credentials is not defined by the order providers are added to the list.
In some place, the order is lost since we are trying to use WebIdentityTokenCredentialsProvider but EC2ContainerCredentialsProvider is executing before. As we can see in the log, the order of provider execution is no the supposed:
`[DEBUG] Unable to load credentials from org.kuali.maven.wagon.auth.AuthenticationInfoCredentialsProvider@401516ad: The S3 wagon needs AWS Access Key set as the username and AWS Secret Key set as the password. eg:
[DEBUG] Unable to load credentials from EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)) [DEBUG] Unable to load credentials from SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey) [DEBUG] Unable to load credentials from com.amazonaws.auth.profile.ProfileCredentialsProvider@49f4792a: null [DEBUG] Loading credentials from com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@7c1ae95 [DEBUG] Loading credentials from com.amazonaws.auth.DefaultAWSCredentialsProviderChain@4bd47b75`
And supposed order is: