I have a role on an EC2 instance which has assume-role permission on a different role. I have the trust relationship set, so that shouldn't be an issue. I have this code to get IAM credentials:
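
    import com.amazonaws.auth.AWSCredentialsProvider;
    import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
    import org.apache.logging.log4j.LogManager;
    import org.apache.logging.log4j.Logger;

    public class AwsCredentialsHelper {
        private static final String ROLE_ARN_PROPERTY = "aws.role.arn";
        private static final Logger logger = LogManager.getLogger("InfraLogger");

        private AwsCredentialsHelper() {
        }

        // Returns an assume-role provider when a role ARN is configured, otherwise the supplied default.
        public static AWSCredentialsProvider getCredentialsProvider(String clientId, AWSCredentialsProvider defaultProvider) {
            String roleArn = getRoleArnProperty();
            if (roleArn != null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Using assume role credentials provider for role {}", roleArn);
                }
                // clientId is passed as the role session name.
                return new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, clientId).build();
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Using default credentials provider");
                }
                return defaultProvider;
            }
        }

        // Not shown in the original post; assumed here to read the system property named by ROLE_ARN_PROPERTY.
        private static String getRoleArnProperty() {
            return System.getProperty(ROLE_ARN_PROPERTY);
        }
    }
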
This fails for me with:
18:59:47.516 [kpl-daemon-0000] DEBUG com.amazonaws.auth.AWSCredentialsProviderChain - Unable to load credentials from EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY))
18:59:47.516 [kpl-daemon-0000] DEBUG com.amazonaws.auth.AWSCredentialsProviderChain - Unable to load credentials from SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey)
18:59:47.516 [main] DEBUG org.springframework.jmx.export.annotation.AnnotationMBeanExporter - Unregistering JMX-exposed beans
18:59:47.523 [kpl-daemon-0000] DEBUG com.amazonaws.auth.AWSCredentialsProviderChain - Unable to load credentials from com.amazonaws.auth.profile.ProfileCredentialsProvider@c745363: profile file cannot be null
It appears it's looking at the first three places but never going past to the next (which includes the IAM role). We obviously don't have the credentials file set up. The exact same code did work in a different setup for me, so I'm confused whether I am doing this right?