Java Awssdk Common Credentials Providers

Library
StaticCredentialsProvider
SystemPropertyCredentialsProvider
ProfileCredentialsProvider
EnvironmentVariableCredentialsProvider
InstanceProfileCredentialsProvider
ContainerCredentialsProvider

To interact with Amazon Web Services (AWS), you need to create an AwsCredentialsProvider object to provide credentials to AWS each time a request is sent to AWS.

Essentially, credentials are an "accessKeyId/secretAccessKey" value pair, which is also called an "Access Key", and is included in each request sent to AWS. This value pair can be hardcoded in Java code via StaticCredentialsProvider. Additionally "Access Key" can also be stored in a file and read by ProfileCredentialsProvider, or stored in environment variables and read by EnvironmentVariableCredentialsProvider, ...

So, first you need to ensure that you have created an "Access Key" on AWS. The article below guides you to complete this step.

Create AWS accessKeyId/secretAccessKey

1. Library

<!-- https://mvnrepository.com/artifact/software.amazon.awssdk/s3 -->
<dependency>
	<groupId>software.amazon.awssdk</groupId>
	<artifactId>s3</artifactId>
	<version>2.21.10</version>
</dependency> 

<!-- Log Library -->
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api -->
<dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-api</artifactId>
    <version>2.0.9</version>
</dependency>

<!-- Log Library -->
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-simple -->
<dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-simple</artifactId>
    <version>2.0.9</version> 
</dependency>

2. StaticCredentialsProvider

A simple and fast way to create an AwsCredentialsProvider object is to provide the accessKeyId and secretAccessKey directly in the Java code.

Create a Java class to store the "accessKeyId/secretAccessKey" obtained in the step above:

MyAccessKey.java

package org.o7planning.java_14219_awssdk_s3;

public class MyAccessKey {

	public static final String ACCESS_KEY_ID = "Your-Access-Key-ID";
	public static final String SECRET_ACCESS_KEY = "Your-Secret-Access-Key";
}

A utility class that creates an StaticCredentialsProvider object with "accessKeyId/secretAccessKey" is provided directly.

StaticCredentialsProviderExample1.java

package org.o7planning.java_14219_awssdk_s3;

import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;

public class StaticCredentialsProviderExample1 {

	public static StaticCredentialsProvider createCredentialsProvider(Region region) {
		AwsCredentials credentials = AwsBasicCredentials.create( //
				MyAccessKey.ACCESS_KEY_ID, // accessKeyId
				MyAccessKey.SECRET_ACCESS_KEY // secretAccessKey
		);
		StaticCredentialsProvider credentialsProvider = StaticCredentialsProvider.create(credentials);
		return credentialsProvider;
	}
}

Xem bài viết chuyên đề về StaticCredentialsProvider với các giải thích chi tiết và nâng cao:

Java Awssdk StaticCredentialsProvider

3. SystemPropertyCredentialsProvider

The "accessKeyId/secretAccessKey" value pair can be provided to the AWSSDK via System Properties. They are passed to the Java virtual machine at the time the virtual machine is started.

java -jar myweb.war -Daws.accessKeyId=my-accessKeyId -Daws.secretAccessKey=my-secretAccessKey

The values of the two properties below will be read by SystemPropertyCredentialsProvider:

aws.accessKeyId
aws.secretAccessKey

Example, create an SystemPropertyCredentialsProvider object with "accessKeyId/secretAccessKey" provided through System Properties.

SystemPropertyS3ClientUtils.java

package org.o7planning.java_14219_awssdk_s3;

import software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider;
import software.amazon.awssdk.regions.Region;

public class SystemPropertyCredentialsProviderExample1 {

	public static SystemPropertyCredentialsProvider createCredentialsProvider(Region region) {
		//
		// SystemPropertyCredentialsProvider will read "System Properties":
		// aws.accessKeyId
		// aws.secretAccessKey
		//
		return SystemPropertyCredentialsProvider.create();
	}
}

See the topical article about SystemPropertyCredentialsProvider with detailed and advanced explanations:

Java Awssdk Creating and using SystemPropertyCredentialsProvider

Java System Properties

4. ProfileCredentialsProvider

ProfileCredentialsProvider allows reading "accessKeyId/secretAccessKey" in a file located somewhere in the host. This file is called "Profile-File", its location can be specified in the Java code or set through an environment variable, or be a default path convention.

There are two types of "Profile Files":

ProfileFile.Type.CREDENTIALS
ProfileFile.Type.CONFIGURATION

Basically, you can specify the path of the "Profile File" directly in Java code, or through an environment variable or using the default path convention.

{UserHome}/.aws/credentials
{UserHome}/.aws/config

ProfileCredentialsProviderExample1.java

package org.o7planning.java_14219_awssdk_s3;

import java.nio.file.Paths;

import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.profiles.ProfileFile;
import software.amazon.awssdk.regions.Region;

//
// ProfileFile.Type.CREDENTIALS Example.
//
public class ProfileCredentialsProviderExample1 {

	private static final String MY_PROFILE_FILE_PATH = "/Volumes/New/my-profile-credentials.txt";

	public static ProfileCredentialsProvider createCredentialsProvider(Region region) {
		System.out.println("User Home: " + System.getProperty("user.home"));
		// Profile File:
		ProfileFile profileFile = ProfileFile.builder() //
				.type(ProfileFile.Type.CREDENTIALS) // CREDENTIALS or CONFIGURATION
				.content(Paths.get(MY_PROFILE_FILE_PATH)) //
				.build();

		// Credentials Provider
		return ProfileCredentialsProvider.builder() //
				.profileFile(profileFile) //
				// .profileName("my-custom-profile-1") // Optional
				.build(); 
	}
}

my-profile-credentials.txt

# This is a Comment Line 1
# This is a Comment Line 2
#
# ProfileType.Type.CREDENTIALS Sample:
#
# Profile Definition values: [default] or [your-custom-name]

[default] # Default profile
aws_access_key_id = Your-Access-Key-Id-1
aws_secret_access_key = Your-Secret-Access-Key-1


[my-custom-profile-1] # Custom Profile.
aws_access_key_id = Your-Access-Key-Id-2
aws_secret_access_key = Your-Secret-Access-Key-2

See the topical article about ProfileCredentialsProvider with detailed and advanced explanations:

Java Awssdk ProfileCredentialsProvider

5. EnvironmentVariableCredentialsProvider

The "accessKeyId/secretAccessKey" values can be set via environment variables and read by EnvironmentVariableCredentialsProvider.

Specifically, EnvironmentVariableCredentialsProvider will read the 3 environment variables below, of which the third environment variable is an option.

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN (Optional)

Image illustrating environment variables on Windows operating system.

After setting the environment variables, creating an EnvironmentVariableCredentialsProvider object is really simple.

EnvironmentVariableCredentialsProviderExample1.java

package org.o7planning.java_14219_awssdk_s3;

import software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider;
import software.amazon.awssdk.regions.Region;

public class EnvironmentVariableCredentialsProviderExample1 {

	public static EnvironmentVariableCredentialsProvider createCredentialsProvider(Region region) {
		//
		// EnvironmentVariableCredentialsProvider will read Environment Variables:
		// AWS_ACCESS_KEY_ID
		// AWS_SECRET_ACCESS_KEY
		// AWS_SESSION_TOKEN (Optional)
		//
		return EnvironmentVariableCredentialsProvider.create();
	}
}

See the topical article about EnvironmentVariableCredentialsProvider with detailed and advanced explanations:

Java Awssdk EnvironmentVariableCredentialsProvider

Setup environment variables on Windows
Setup environment variables on Ubuntu
Setup environment variables on Mac Os

6. InstanceProfileCredentialsProvider

InstanceProfileCredentialsProvider is useful if you use Amazon AWS's EC2 service, it provides credentials that help your EC2 connect to other AWS resources.

Giới thiệu về Amazon EC2

InstanceProfileCredentialsProviderExample1.java

package org.o7planning.java_14219_awssdk_s3;

import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
import software.amazon.awssdk.regions.Region;

public class InstanceProfileCredentialsProviderExample1 {
	
	public static InstanceProfileCredentialsProvider createCredentialsProvider(Region region) { 
		return InstanceProfileCredentialsProvider.create();  
	}
}

See the topical article about InstanceProfileCredentialsProvider with detailed and advanced explanations:

Java Awssdk InstanceProfileCredentialsProvider

7. ContainerCredentialsProvider

Wait for update...

ContainerS3ClientUtils.java

package org.o7planning.java_awssdk_s3.s3client;

import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;

public class ContainerS3ClientUtils {

	public static S3Client createS3Client(Region region) {
		//
		// AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
		// AWS_CONTAINER_CREDENTIALS_FULL_URI
		//
		AwsCredentialsProvider provider = ContainerCredentialsProvider.builder().build();

		S3Client client = S3Client.builder() //
				.credentialsProvider(provider) //
				.region(region) //
				.build();

		return client;
	}
}

See the topical article about ContainerCredentialsProvider with detailed and advanced explanations:

Java Awssdk ContainerCredentialsProvider