I am trying to assume an AWS role to connect to a different service. I have the following implementation, which is not working. It is giving me this error:

javax.net.ssl.SSLException: Connection reset

Any thoughts on how to fix this?

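import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.AssumeRoleResponse;
import software.amazon.awssdk.services.sts.model.Credentials;
import software.amazon.awssdk.services.sts.model.StsException;

public static Credentials assumeRole() {

    // Role to assume and the session name recorded for the assumed-role session
    String targetRoleArn = "xxx";
    String assumedRoleName = "xxx";

    // Long-term access key of the calling identity (redacted in the post)
    String accessKey = "xxx";
    String secretKey = "xxx";

    Credentials assumedCredentials = null;

    AwsBasicCredentials credentials = AwsBasicCredentials.create(accessKey, secretKey);

    // STS client that signs the AssumeRole call with the long-term key
    StsClient stsClient = StsClient.builder()
            .region(Region.US_EAST_1)
            .credentialsProvider(StaticCredentialsProvider.create(credentials))
            .build();

    try {
        AssumeRoleRequest roleRequest = AssumeRoleRequest.builder()
                .roleArn(targetRoleArn)
                .roleSessionName(assumedRoleName)
                .build();

        AssumeRoleResponse roleResponse = stsClient.assumeRole(roleRequest);

        // Temporary access key, secret key and session token for the role
        assumedCredentials = roleResponse.credentials();

    } catch (StsException e) {
        System.err.println(e.getMessage());
        System.exit(1);
    }

    return assumedCredentials;

}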
user2324686

1 Answer

I strongly suggest that you move from AWS SDK for Java V1 to AWS SDK for Java V2, which is considered best practice. V1 is not recommended anymore, as described in this AWS Page.

For this use case, there is an example in AWS Code Lib using AWS SDK for Java V2. This example performs these tasks:

  1. Creates a user that has no permissions.
  2. Creates a role and policy that grants Amazon S3 permissions.
  3. Creates a role.
  4. Grants the user permissions.
  5. Gets temporary credentials by assuming the role. Creates an Amazon S3 Service client object with the temporary credentials.
  6. Deletes the resources.

See:

Create an IAM user and assume a role with AWS STS using an AWS SDK

OR full example in GitHub:

https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javav2/example_code/iam/src/main/java/com/example/iam/IAMScenario.java

This V2 code has been tested many times and works (as all code in AWS Code Library) - as shown here.

smac2020
  • Thanks. I tried using AWS SDK for Java V2 and now I am getting "javax.net.ssl.SSLException: Connection reset". StsClient stsClient = StsClient.builder() .region(Region.US_EAST_1) .credentialsProvider(StaticCredentialsProvider.create(credentials)) .build(); AssumeRoleRequest roleRequest = AssumeRoleRequest.builder() .roleArn(targetRoleArn) .roleSessionName(assumedRoleName) .build(); AssumeRoleResponse roleResponse = stsClient.assumeRole(roleRequest); – user2324686 Jul 03 '23 at 05:52
  • Try using the exact code and POM file in the example I referenced. That works as shown in my screenshot. – smac2020 Jul 03 '23 at 08:49
  • I am using the exact same configuration and still getting javax.net.ssl.SSLException: Connection reset. – user2324686 Jul 03 '23 at 16:23
  • Please update your code and show the exact V2 code you are using. You should not be getting an SSLException if you are using the code in the link I posted. – smac2020 Jul 03 '23 at 17:31
  • I have updated the code above in my original post. I am using V2 code here. Seems simple but still getting the javax.net.ssl.SSLException: Connection reset error. Not sure whether I need to add some proxy settings to bypass the proxy while connecting from localhost or disable SSL somehow. – user2324686 Jul 03 '23 at 17:52
  • Try this more basic STS example. https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javav2/example_code/sts/src/main/java/com/example/sts/AssumeRole.java – smac2020 Jul 04 '23 at 16:00
  • I am sorry, I didn't see your comments earlier. It was embedded at the bottom and was asking me to show more. Somehow I could not see this earlier. I made some progress. Seems like I needed to add my localhost to skip the proxy while connecting to STS Service. However, now I am getting this new error: software.amazon.awssdk.services.sts.model.StsException: null (Service: Sts, Status Code: 400, Request ID: null) – user2324686 Jul 05 '23 at 03:16
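
The last comment traces the connection reset to proxy handling. As an added example (not code from the post or from the AWS samples), this sketch sets the proxy route explicitly on the SDK V2 HTTP client with TLS verification left on, assumes the role, and checks the temporary credentials with GetCallerIdentity. The role ARN, proxy URL, session name and non-proxy host list are placeholders, and the base credentials are assumed to come from the default provider chain instead of keys in source; it needs the `sts` and `apache-client` SDK modules.

```java
import java.net.URI;
import java.util.Set;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.http.apache.ProxyConfiguration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.Credentials;
import software.amazon.awssdk.services.sts.model.StsException;

public class AssumeRoleBehindProxy {
    // Placeholders (assumptions for this example, not values from the post).
    static final String ROLE_ARN = "arn:aws:iam::111122223333:role/EXAMPLE-ROLE";
    static final String PROXY_URL = "http://proxy.example.internal:8080";

    public static void main(String[] args) {
        // Route SDK traffic through the proxy and list the hosts that bypass it.
        // Certificate validation is untouched; only the network path changes.
        ProxyConfiguration proxy = ProxyConfiguration.builder()
                .endpoint(URI.create(PROXY_URL))
                .nonProxyHosts(Set.of("localhost", "127.0.0.1")) // adjust to your network
                .build();
        // A caller-supplied HTTP client is not closed by the SDK, so close it here.
        try (SdkHttpClient http = ApacheHttpClient.builder().proxyConfiguration(proxy).build();
             StsClient sts = StsClient.builder().region(Region.US_EAST_1).httpClient(http)
                     .credentialsProvider(DefaultCredentialsProvider.create())
                     .build()) {
            // AssumeRole returns a temporary key pair plus a session token.
            Credentials tmp = sts.assumeRole(r -> r.roleArn(ROLE_ARN)
                    .roleSessionName("example-session")).credentials();
            AwsSessionCredentials session = AwsSessionCredentials.create(
                    tmp.accessKeyId(), tmp.secretAccessKey(), tmp.sessionToken());
            // Verify the temporary credentials: the ARN printed is the assumed-role session.
            try (StsClient assumed = StsClient.builder().region(Region.US_EAST_1).httpClient(http)
                    .credentialsProvider(StaticCredentialsProvider.create(session)).build()) {
                System.out.println("Caller: " + assumed.getCallerIdentity().arn());
            }
        } catch (StsException e) {
            // Service-level failures; transport errors such as SSLException propagate as-is.
            System.err.printf("STS call failed: status=%d requestId=%s message=%s%n",
                    e.statusCode(), e.requestId(), e.getMessage());
        }
    }
}
```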