I'm using the spring-cloud-stream API and a kinesis-binder in my application. I have to assume a role, as the credentials in the ~/.aws/credentials file don't allow access to the Kinesis stream I am looking to connect to.
I am able to get credentials from the ~/.aws/credentials file, invoke STS to assume the role, and set the environment variables to use the newer access-key-id, access-secret-key and token. But the Kinesis binder already connects to the Kinesis stream on the original role. If I publish to a Kinesis stream, a new one gets created (which is not part of the original role) instead of connecting to the stream on the assumed role.
Below is the code snippet I'm using to assume the role:
    // Build an STS client from the credentials resolved by the default chain.
    AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(
            awsCredentialsProviderChain.getCredentials());

    // Request temporary credentials for the target role, valid for one hour.
    AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
            .withRoleArn(ROLE_ARN)
            .withDurationSeconds(3600)
            .withRoleSessionName("demo");
    AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest);

    String accessKeyId = assumeResult.getCredentials().getAccessKeyId();
    String secretAccessKey = assumeResult.getCredentials().getSecretAccessKey();
    String securityToken = assumeResult.getCredentials().getSessionToken();

    // Copy the temporary credentials into JVM system properties, keyed by the
    // SDK's environment-variable name constants.
    System.setProperty(SDKGlobalConfiguration.ACCESS_KEY_ENV_VAR, accessKeyId);
    System.setProperty(SDKGlobalConfiguration.SECRET_KEY_ENV_VAR, secretAccessKey);
    System.setProperty(SDKGlobalConfiguration.AWS_SESSION_TOKEN_ENV_VAR, securityToken);
I would like to delay binding of spring integration input/output channels until the credentials are set in the environment variables.
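
An added example, not part of the original post: instead of copying one-hour STS credentials into JVM-wide properties, the assumed role can be exposed as a refreshing `AWSCredentialsProvider` bean that exists before any channel is bound. The class name, region, role ARN placeholder and the premise that the binder reuses an `AmazonKinesisAsync` bean found in the application context are assumptions, not statements from the post.

```java
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.services.kinesis.AmazonKinesisAsync;
import com.amazonaws.services.kinesis.AmazonKinesisAsyncClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;

@Configuration
public class AssumedRoleKinesisConfig {

    // Placeholder values (assumptions): substitute the real role ARN and region.
    private static final String ROLE_ARN = "arn:aws:iam::123456789012:role/EXAMPLE-ROLE";
    private static final String REGION = "us-east-1";

    // STS is called with the base identity from ~/.aws/credentials (default profile).
    @Bean
    public AWSSecurityTokenService stsClient() {
        return AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new ProfileCredentialsProvider())
                .withRegion(REGION)
                .build();
    }

    // Refreshes the session shortly before it expires, so no long-running
    // component keeps using a stale token; nothing is written to global state.
    @Bean
    @Primary
    public AWSCredentialsProvider assumedRoleCredentials(AWSSecurityTokenService stsClient) {
        return new STSAssumeRoleSessionCredentialsProvider.Builder(ROLE_ARN, "demo")
                .withStsClient(stsClient)
                .withRoleSessionDurationSeconds(3600)
                .build();
    }

    // Kinesis client bound to the assumed role from the moment it is created.
    @Bean
    public AmazonKinesisAsync amazonKinesis(AWSCredentialsProvider assumedRoleCredentials) {
        return AmazonKinesisAsyncClientBuilder.standard()
                .withCredentials(assumedRoleCredentials)
                .withRegion(REGION)
                .build();
    }
}
```

Scoping the provider to the Kinesis client keeps the temporary secret key and session token out of `System.getProperties()`, where any code in the JVM could read them.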