I have access to an AWS account with username loginUserId. I want to create an access profile on my CI server so that I can test my applications against AWS tools like Kinesis, DynamoDB, etc.

I wrote a method to generate an access key, secret key and session token (using AssumeRoleRequest). It does not seem to be working.

  it("provides temporary access to AWS") {
    val assumeRoleRequest = new AssumeRoleRequest

    assumeRoleRequest.setRoleArn("arn:aws:iam::" + accountId + ":role/" + roleName)
    assumeRoleRequest.setRoleSessionName("test-session")
    assumeRoleRequest.setExternalId(loginUserId)

    val tokenService = new AWSSecurityTokenServiceClient() // 
    tokenService.setEndpoint("sts-endpoint.amazonaws.com")
    tokenService.assumeRole(assumeRoleRequest)

    val tokenRequestEvent = new GetSessionTokenRequest()
    tokenRequestEvent.setDurationSeconds(7200) // optional

    val tokenResponseEvent =
      tokenService.getSessionToken(tokenRequestEvent)

    val creds = tokenResponseEvent.getCredentials

    println(creds.getAccessKeyId) //write to ~/.aws/credentials
    println(creds.getSecretAccessKey) //write to ~/.aws/credentials
    println(creds.getSessionToken) //write to ~/.aws/credentials
    println(creds.getExpiration)
  }

Error - Unable to load AWS credentials from any provider in the chain

Testing started at 3:20 AM ...

Unable to load AWS credentials from any provider in the chain
com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain
    at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:131)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1119)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:759)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:723)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1271)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1247)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:454)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:431)
    at creds.Test$$anonfun$1.apply$mcV$sp(Test.scala:24)
    at creds.Test$$anonfun$1.apply(Test.scala:15)
    at creds.Test$$anonfun$1.apply(Test.scala:15)
    at org.scalatest.OutcomeOf$class.outcomeOf(OutcomeOf.scala:85)
    at org.scalatest.OutcomeOf$.outcomeOf(OutcomeOf.scala:104)
    at org.scalatest.Transformer.apply(Transformer.scala:22)
    at org.scalatest.Transformer.apply(Transformer.scala:20)
    at org.scalatest.FunSpecLike$$anon$1.apply(FunSpecLike.scala:454)
    at org.scalatest.TestSuite$class.withFixture(TestSuite.scala:196)
    at org.scalatest.FunSpec.withFixture(FunSpec.scala:1630)
    at org.scalatest.FunSpecLike$class.invokeWithFixture$1(FunSpecLike.scala:451)
    at org.scalatest.FunSpecLike$$anonfun$runTest$1.apply(FunSpecLike.scala:464)
    at org.scalatest.FunSpecLike$$anonfun$runTest$1.apply(FunSpecLike.scala:464)
    at org.scalatest.SuperEngine.runTestImpl(Engine.scala:289)
    at org.scalatest.FunSpecLike$class.runTest(FunSpecLike.scala:464)
    at org.scalatest.FunSpec.runTest(FunSpec.scala:1630)
    at org.scalatest.FunSpecLike$$anonfun$runTests$1.apply(FunSpecLike.scala:497)
    at org.scalatest.FunSpecLike$$anonfun$runTests$1.apply(FunSpecLike.scala:497)
    at org.scalatest.SuperEngine$$anonfun$traverseSubNodes$1$1.apply(Engine.scala:396)
    at org.scalatest.SuperEngine$$anonfun$traverseSubNodes$1$1.apply(Engine.scala:384)
    at scala.collection.immutable.List.foreach(List.scala:381)
    at org.scalatest.SuperEngine.traverseSubNodes$1(Engine.scala:384)
    at org.scalatest.SuperEngine.org$scalatest$SuperEngine$$runTestsInBranch(Engine.scala:379)
    at org.scalatest.SuperEngine.runTestsImpl(Engine.scala:461)
    at org.scalatest.FunSpecLike$class.runTests(FunSpecLike.scala:497)
    at org.scalatest.FunSpec.runTests(FunSpec.scala:1630)
    at org.scalatest.Suite$class.run(Suite.scala:1147)
    at org.scalatest.FunSpec.org$scalatest$FunSpecLike$$super$run(FunSpec.scala:1630)
    at org.scalatest.FunSpecLike$$anonfun$run$1.apply(FunSpecLike.scala:501)
    at org.scalatest.FunSpecLike$$anonfun$run$1.apply(FunSpecLike.scala:501)
    at org.scalatest.SuperEngine.runImpl(Engine.scala:521)
    at org.scalatest.FunSpecLike$class.run(FunSpecLike.scala:501)
    at org.scalatest.FunSpec.run(FunSpec.scala:1630)
    at org.scalatest.tools.SuiteRunner.run(SuiteRunner.scala:45)
    at org.scalatest.tools.Runner$$anonfun$doRunRunRunDaDoRunRun$1.apply(Runner.scala:1340)
    at org.scalatest.tools.Runner$$anonfun$doRunRunRunDaDoRunRun$1.apply(Runner.scala:1334)
    at scala.collection.immutable.List.foreach(List.scala:381)
    at org.scalatest.tools.Runner$.doRunRunRunDaDoRunRun(Runner.scala:1334)
    at org.scalatest.tools.Runner$$anonfun$runOptionallyWithPassFailReporter$2.apply(Runner.scala:1011)
    at org.scalatest.tools.Runner$$anonfun$runOptionallyWithPassFailReporter$2.apply(Runner.scala:1010)
    at org.scalatest.tools.Runner$.withClassLoaderAndDispatchReporter(Runner.scala:1500)
    at org.scalatest.tools.Runner$.runOptionallyWithPassFailReporter(Runner.scala:1010)
    at org.scalatest.tools.Runner$.run(Runner.scala:850)
    at org.scalatest.tools.Runner.run(Runner.scala)
    at org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestRunner.runScalaTest2(ScalaTestRunner.java:138)
    at org.jetbrains.plugins.scala.testingSupport.scalaTest.ScalaTestRunner.main(ScalaTestRunner.java:28)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)

I tried using AssumeRoleWithWebIdentityRequest too, which makes more sense than AssumeRoleRequest, but it throws the same "Unable to load creds" error.

  it("provides temporary access to AWS") {
    val identityRequest = new AssumeRoleWithWebIdentityRequest()
    identityRequest.setRoleArn("arn:aws:iam::" + accountId + ":role/" + roleName)
    //identityRequest.setWebIdentityToken(loginUserId) //I dont know what is it
    identityRequest.setRoleSessionName(loginUserId)

    val tokenService = new AWSSecurityTokenServiceClient()
    tokenService.setEndpoint("sts-endpoint.amazonaws.com")
    val creds = tokenService.assumeRoleWithWebIdentity(identityRequest).getCredentials

    println(creds.getAccessKeyId)
    println(creds.getSecretAccessKey)
    println(creds.getSessionToken)
    println(creds.getExpiration)
  }

The request it's sending is

POST null / Parameters: ({"Action":["AssumeRoleWithWebIdentity"],"Version":["2011-06-15"],"RoleArn":["arn:aws:iam::accountId:role/roleName"],"RoleSessionName":["loginUserId"]}

where resourcePath is null; I don't know why.

I'm using aws-java-sdk 1.11

    <dependency>
        <groupId>com.amazonaws</groupId>
        <artifactId>aws-java-sdk</artifactId>
        <version>1.11.109</version>
        <scope>compile</scope>
    </dependency>

On the terminal, it asks for a profile, which I don't have. All I have is a username and password for the AWS account.

$ aws sts assume-role --role-arn arn:aws:iam::someAccount:role/rolenNameForMe --role-session-name "RoleSession1" > assume-role-output.txt
Unable to locate credentials. You can configure credentials by running "aws configure".

When I check the UI users page, I have restricted access

User: arn:aws:sts::accountId:assumed-role/roleName/loginUserId is not authorized to perform: iam:ListUsers on resource: arn:aws:iam::accountId:user/
jweyrich
prayagupa

1 Answer

3

When you make a call to an AWS service, you must provide credentials to identify who you are. This also applies when making calls to AssumeRole requests. (After all, you wouldn't want anyone in the world being able to make these calls without your permission!)

If you are running code on an Amazon EC2 instance that has an associated IAM Role, then these credentials will be automatically passed to the instance via the Instance Metadata service. Making calls to the AWS SDK will automatically use these credentials.

If you are not running on an EC2 instance with an associated role, you can provide local credentials in a configuration file. The easiest way to do this is to run aws configure and provide the Access Key and Secret Key (that you get from IAM when the IAM User is created). Remember -- you must make calls as an IAM user, so use the credentials for that desired user.

You mention that you have a username and password for an AWS account, so:

  • Go to IAM in the Management Console
  • Select your User
  • Look in the Security Credentials tab
  • Click Create access key
  • Use those credentials when calling aws configure
John Rotenstein
  • 1) The question is for a non-AWS environment. 2) I have limited access to AWS, where I cannot create an access key from the UI like you are suggesting. 3) That's why I was wondering: is there a way to request temporary creds with my `loginUserId` and `loginPassword` on non-AWS? – prayagupa Apr 24 '17 at 18:22
  • Only [`AssumeRoleWithWebIdentity`](http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html) can operate without AWS credentials, because you must first authenticate against an external ID provider (e.g. Facebook, Google) and then be permitted to assume a role. – John Rotenstein Apr 24 '17 at 20:33
  • That's what I'm trying to use, if you see the question. My confusion is on the terms `IdentityToken` and `RoleSessionName`. I'm not using any external provider for auth, so I don't know the value for it. For `RoleSessionName`, it says `Typically, you pass the name or identifier that is associated with the user who is using your application.` So, I'm passing my loginUserName itself. – prayagupa Apr 24 '17 at 21:12
  • For a sample scenario, see: [Web Identity Federation Playground](https://web-identity-federation-playground.s3.amazonaws.com/index.html) – John Rotenstein Apr 25 '17 at 04:10
  • @prayagupd to clear your confusion, see the third paragraph again: *provide the Access Key and Secret Key (that you get from IAM when the IAM User is created). Remember -- you must make calls as an IAM user, so use the credentials for that desired user.* In a non-EC2 environment, your server needs its own AWS Access Key ID and Secret corresponding to an IAM user created for this purpose. The RoleSessionName is an arbitrary string with meaning only to you, not to AWS. – Michael - sqlbot Apr 25 '17 at 09:54
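
The flow described in the answer and comments above, as an added Scala sketch against aws-java-sdk 1.11 (not code from the question or the answer): the STS client is given base IAM user credentials explicitly, the temporary credentials are read from the `AssumeRole` response itself, and the result is checked with `GetCallerIdentity`. The account ID, role name, region and the `ci` profile name are placeholders assumed for illustration.

```scala
import com.amazonaws.auth.{AWSStaticCredentialsProvider, BasicSessionCredentials}
import com.amazonaws.auth.profile.ProfileCredentialsProvider
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder
import com.amazonaws.services.securitytoken.model.{AssumeRoleRequest, GetCallerIdentityRequest}

object AssumeRoleForCi {
  // Placeholders assumed for this example; none of these values come from the page.
  val accountId = "123456789012"
  val roleName  = "ci-test-role"
  val region    = "us-east-1"
  val profile   = "ci" // profile in ~/.aws/credentials holding the IAM user's access key

  def main(args: Array[String]): Unit = {
    // 1. Base credentials. AssumeRole is a signed call, so the STS client needs
    //    an identity of its own. A client built with no provider falls back to the
    //    default chain (env vars, system properties, profile file, instance role)
    //    and fails with "Unable to load AWS credentials from any provider in the
    //    chain" when none of those sources is populated.
    val baseCreds = new ProfileCredentialsProvider(profile)

    val sts = AWSSecurityTokenServiceClientBuilder.standard()
      .withCredentials(baseCreds)
      .withRegion(region)
      .build()

    val request = new AssumeRoleRequest()
      .withRoleArn(s"arn:aws:iam::$accountId:role/$roleName")
      .withRoleSessionName("ci-test-session") // arbitrary label, shows up in the assumed-role ARN
      .withDurationSeconds(3600)

    // 2. The role's temporary credentials are in the AssumeRole response.
    //    A separate GetSessionToken call would return temporary credentials
    //    for the calling IAM user, not for the role.
    val temp = sts.assumeRole(request).getCredentials

    val session = new BasicSessionCredentials(
      temp.getAccessKeyId, temp.getSecretAccessKey, temp.getSessionToken)

    // 3. Verify which principal the temporary credentials resolve to.
    val asRole = AWSSecurityTokenServiceClientBuilder.standard()
      .withCredentials(new AWSStaticCredentialsProvider(session))
      .withRegion(region)
      .build()
    val identity = asRole.getCallerIdentity(new GetCallerIdentityRequest())

    // Log only non-secret fields; the secret key and session token stay out of CI output.
    println(s"caller:  ${identity.getArn}") // arn:aws:sts::<account>:assumed-role/<role>/<session>
    println(s"key id:  ${temp.getAccessKeyId}")
    println(s"expires: ${temp.getExpiration}")
  }
}
```

The `session` credentials can be passed to any other 1.11 client builder (Kinesis, DynamoDB) through `withCredentials(new AWSStaticCredentialsProvider(session))`.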