package com;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.Bucket;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.util.StringUtils;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
public class AssumeRole {
private static BasicSessionCredentials sessionCredentials;
public static void main(String[] args) {
AmazonS3 s3 = getS3Client("ap-south-1","arn:aws:iam::867717:role/s3-role");
GetObjectRequest request = new GetObjectRequest("amazonwebservicesbucket","index.html");
S3Object fullObject = s3.getObject(request);
try {
displayTextInputStream(fullObject.getObjectContent());
} catch (IOException e) {
e.printStackTrace();
}
//With the temporary credentails we are able to list all bucket names. AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).build();
for (Bucket bucket : s3Client.listBuckets()) {
System.out.println(" - " + bucket.getName());
}
}
public static AmazonS3 getS3Client(final String region, final String roleArn) {
final Regions awsRegion = StringUtils.isNullOrEmpty(region) ? Regions.US_EAST_1 : Regions.fromName(region);
if (StringUtils.isNullOrEmpty(roleArn)) {
return AmazonS3ClientBuilder.standard().withRegion(awsRegion).build();
} else {
final AssumeRoleRequest assumeRole = new AssumeRoleRequest()
.withRoleArn(roleArn)
.withRoleSessionName("s3-role")
.withDurationSeconds(3600); // this has validity 1 hour, but default 12 hours, minimum of 15 min, max 36 hours we can set.
final AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard().withRegion(awsRegion).build();
final Credentials credentials = sts.assumeRole(assumeRole).getCredentials();
sessionCredentials = new BasicSessionCredentials(
credentials.getAccessKeyId(),
credentials.getSecretAccessKey(),
credentials.getSessionToken());
System.out.println("AccessKeyID :"+credentials.getAccessKeyId());
System.out.println("SecretAccessKey :"+credentials.getSecretAccessKey());
System.out.println("SessionToken :"+credentials.getSessionToken());
return AmazonS3ClientBuilder.standard().withRegion(awsRegion).withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).build();
}
}
private static void displayTextInputStream(InputStream input) throws IOException {
// Read the text input stream one line at a time and display each line. BufferedReader reader = new BufferedReader(new InputStreamReader(input));
String line = null;
while ((line = reader.readLine()) != null) {
System.out.println(line);
}
System.out.println();
}
}
pom.xml
<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>aws-sts</groupId>
<artifactId>aws-sts</artifactId>
<version>1.0-SNAPSHOT</version>
<dependencies>
<!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk --> <dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk</artifactId>
<version>1.11.350</version>
</dependency>
</dependencies>
</project>
