Java Awssdk ProfileCredentialsProvider
As you know "accessKeyId/secretAccessKey" can be hardcoded in Java code, which makes maintenance difficult and presents a security risk.
StaticCredentialsProvider Example
AwsCredentials credentials = AwsBasicCredentials.create( //
MyAccessKey.ACCESS_KEY_ID, // accessKeyId
MyAccessKey.SECRET_ACCESS_KEY // secretAccessKey
);
AwsCredentialsProvider credentialsProvider = StaticCredentialsProvider.create(credentials);
- Java Awssdk StaticCredentialsProvider
ProfileCredentialsProvider allows reading "accessKeyId/secretAccessKey" in a file located somewhere on the host. This file is called "Profile-File", its location can be specified in Java code or set via environment variable, or be a default path convention.
There are two types of "Profile File":
- ProfileFile.Type.CREDENTIALS
- ProfileFile.Type.CONFIGURATION
1. Library
<!-- https://mvnrepository.com/artifact/software.amazon.awssdk/s3 -->
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>s3</artifactId>
<version>2.21.10</version>
</dependency>
<!-- https://mvnrepository.com/artifact/software.amazon.awssdk/s3-transfer-manager -->
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>s3-transfer-manager</artifactId>
<version>2.21.10</version>
</dependency>
<!-- https://mvnrepository.com/artifact/software.amazon.awssdk.crt/aws-crt -->
<dependency>
<groupId>software.amazon.awssdk.crt</groupId>
<artifactId>aws-crt</artifactId>
<version>0.28.0</version>
</dependency>
<!-- Log Library -->
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>2.0.9</version>
</dependency>
<!-- Log Library -->
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-simple -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>2.0.9</version>
</dependency> 2. Profile Type CREDENTIALS
Below is a sample Profile File, it can have multiple "Profile Definition".
With type ProfileFile.Type.CREDENTIALS, the Naming Rule for "Profile Definition" is:
- [default]
- [your-custome-profile-name]
my-profile-credentials.txt
# This is a Comment Line 1
# This is a Comment Line 2
#
# ProfileType.Type.CREDENTIALS Sample:
#
# Profile Definition values: [default] or [your-custom-name]
[default] # Default profile
aws_access_key_id = Your-Access-Key-Id-1
aws_secret_access_key = Your-Secret-Access-Key-1
[my-custom-profile-1] # Custom Profile.
aws_access_key_id = Your-Access-Key-Id-2
aws_secret_access_key = Your-Secret-Access-Key-2For example, create a ProfileCredentialsProvider object with the location of the Profile File hardcoded in the Java code.
ProfileCredentialsProviderUtils1.java
package org.o7planning.java_14233_awssdk_s3.utils;
import java.nio.file.Paths;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.profiles.ProfileFile;
//
// ProfileFile.Type.CREDENTIALS Example.
//
public class ProfileCredentialsProviderUtils1 {
private static final String MY_PROFILE_FILE_PATH = "/Volumes/New/my-profile-credentials.txt";
public static ProfileCredentialsProvider create() {
System.out.println("User Home: " + System.getProperty("user.home"));
// Profile File:
ProfileFile profileFile = ProfileFile.builder() //
.type(ProfileFile.Type.CREDENTIALS) //
.content(Paths.get(MY_PROFILE_FILE_PATH)) //
.build();
// Credentials Provider
return ProfileCredentialsProvider.builder() //
.profileFile(profileFile) //
// .profileName("my-custom-profile-1") // Optional
.build();
}
}
AWS_SHARED_CREDENTIALS_FILE
In case of ProfileType.Type.CREDENTIALS: If you do not specify the location of "Profile File", ProfileCredentialsProvider will get the location from the environment variable AWS_SHARED_CREDENTIALS_FILE or the default path:
>> {UserHome}/.aws/credentials
ProfileCredentialsProviderUtils1B.java
package org.o7planning.java_14233_awssdk_s3.utils;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.profiles.ProfileFile;
//
// ProfileFile.Type.CREDENTIALS Example.
//
public class ProfileCredentialsProviderUtils1B {
public static ProfileCredentialsProvider create() {
System.out.println("User Home: " + System.getProperty("user.home"));
//
// Profile File:
//
ProfileFile profileFile = ProfileFile.builder() //
.type(ProfileFile.Type.CREDENTIALS) //
// Read "Profile File" location from environment variable: AWS_SHARED_CREDENTIALS_FILE
// ... OR Path: {UserHome}/.aws/credentials
// .content(Paths.get(MY_PROFILE_FILE_PATH)) // (***)
.build();
// Credentials Provider
return ProfileCredentialsProvider.builder() //
.profileFile(profileFile) //
.build();
}
}
3. Profile Type CONFIGURATION
Below is a sample Profile File, it can have multiple "Profile Definition".
With type ProfileFile.Type.CONFIGURATION, the Naming Rule for "Profile Definition" is:
- [default]
- [profile your-custome-profile-name]
my-profile-configuration.txt
# This is a Comment Line 1
# This is a Comment Line 2
#
# ProfileType.Type.CONFIGURATION Sample:
#
# Profile Definition values: [default] or [profile your-custom-name]
[default] # Default profile
aws_access_key_id = Your-Access-Key-Id-1
aws_secret_access_key = Your-Secret-Access-Key-2
[profile my-custom-profile-1] # Custom Profile.
aws_access_key_id = Your-Access-Key-Id-2
aws_secret_access_key = Your-Secret-Access-Key-2Example, create a ProfileCredentialsProvider object with the location of the Profile File hardcoded in the Java code.
ProfileCredentialsProviderUtils2.java
package org.o7planning.java_14233_awssdk_s3.utils;
import java.nio.file.Paths;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.profiles.ProfileFile;
//
// ProfileFile.Type.CONFIGURATION Example.
//
public class ProfileCredentialsProviderUtils2 {
private static final String MY_PROFILE_FILE_PATH = "/Volumes/New/my-profile-configuration.txt";
public static ProfileCredentialsProvider create() {
System.out.println("User Home: " + System.getProperty("user.home"));
// Profile File:
ProfileFile profileFile = ProfileFile.builder() //
.type(ProfileFile.Type.CONFIGURATION) //
.content(Paths.get(MY_PROFILE_FILE_PATH)) //
.build();
// Credentials Provider
return ProfileCredentialsProvider.builder() //
.profileFile(profileFile) //
// .profileName("my-custom-profile-1") // Optional
.build();
}
}
AWS_CONFIG_FILE
In case of ProfileType.Type.CONFIGURATION: If you do not specify the location of "Profile File", ProfileCredentialsProvider will get the location from the AWS_CONFIG_FILE environment variable or default path:
>> {UserHome}/.aws/config
ProfileCredentialsProviderUtils2B.java
package org.o7planning.java_14233_awssdk_s3.utils;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.profiles.ProfileFile;
//
// ProfileFile.Type.CONFIGURATION Example.
//
public class ProfileCredentialsProviderUtils2B {
public static ProfileCredentialsProvider create() {
System.out.println("User Home: " + System.getProperty("user.home"));
// Profile File:
ProfileFile profileFile = ProfileFile.builder() //
.type(ProfileFile.Type.CONFIGURATION) //
// Read "Profile File" location from environment variable: AWS_CONFIG_FILE
// ... OR Path: {UserHome}/.aws/config
// .content(Paths.get(MY_PROFILE_FILE_PATH)) // (***)
.build();
// Credentials Provider
return ProfileCredentialsProvider.builder() //
.profileFile(profileFile) //
.build();
}
}
4. Examples
Example, create an S3Client object from ProfileCredentialsProvider:
S3ClientExample.java
package org.o7planning.java_14233_awssdk_s3;
import org.o7planning.java_14233_awssdk_s3.utils.ProfileCredentialsProviderUtils1;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
public class S3ClientExample {
// EU (Frankfurt) - Germany.
private static final Region MY_S3_REGION = Region.EU_CENTRAL_1;
private static S3Client createS3Client() {
ProfileCredentialsProvider provider = ProfileCredentialsProviderUtils1.create();
S3Client client = S3Client.builder() //
.credentialsProvider(provider) //
.region(MY_S3_REGION) //
.build();
return client;
}
public static void main(String[] args) {
S3Client s3Client = createS3Client();
System.out.println("s3Client: " + s3Client);
// And use s3Client to upload files...
}
}
- Java Awssdk S3 Tải file xuống từ S3 Bucket với S3Client
Example, Create S3TransferManager object from ProfileCredentialsProvider:
S3TransferManagerExample.java
package org.o7planning.java_14233_awssdk_s3;
import org.o7planning.java_14233_awssdk_s3.utils.ProfileCredentialsProviderUtils1;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.transfer.s3.S3TransferManager;
import software.amazon.awssdk.transfer.s3.SizeConstant;
public class S3TransferManagerExample {
// EU (Frankfurt) - Germany.
private static final Region MY_S3_REGION = Region.EU_CENTRAL_1;
private static S3TransferManager createS3TransferManager() {
ProfileCredentialsProvider provider = ProfileCredentialsProviderUtils1.create();
S3AsyncClient s3AsyncClient = S3AsyncClient.crtBuilder() //
.credentialsProvider(provider) //
.region(MY_S3_REGION) //
.targetThroughputInGbps(20.0) //
.minimumPartSizeInBytes(10 * SizeConstant.MB)//
.build();
return S3TransferManager.builder().s3Client(s3AsyncClient).build();
}
public static void main(String[] args) {
S3TransferManager s3TransferManager = createS3TransferManager();
System.out.println("s3TransferManager: " + s3TransferManager);
// And use s3TransferManager to upload file,directory...
}
}
Amazon Web Services Tutorials
- Introduction to Amazon Web Services (AWS)
- Introduction to Amazon S3
- Introduction to Amazon Cloudfront and its architecture
- How to reduce Amazon Cloudfront Costs?
- Amazon CloudFront Invalidation
- Introduction to DigitalOcean Spaces
- Create DigitalOcean Spaces Bucket
- Introduction to Amazon ACM
- Java Awssdk S3 S3Client Upload object
- Create AWS accessKeyId/secretAccessKey
- Java Awssdk S3 List objects
- Host a static website on Amazon S3
- Java Awssdk CloudFront Invalidation
- DigitalOcean Spaces Create Access Key
- Java Awssdk Common Credentials Providers
- Java Awssdk ProfileCredentialsProvider
- Java Awssdk Creating and using EnvironmentVariableCredentialsProvider
- Java Awssdk Creating and using SystemPropertyCredentialsProvider
- Java Awssdk S3 Upload object with S3TransferManager
- Java Awssdk S3 S3TransferManager download object
- Java Manipulate DigitalOcean Spaces using S3TransferManager
- Java Create, list and delete S3 Bucket
- Aws Console create IAM User
- Create Amazon S3 Bucket
- Configure custom domain for Amazon S3 static website
- Create a CloudFront distribution for S3 Bucket
- Configure Amazon CloudFront Error Pages
- Amazon S3 Bucket policies
- Amazon AWS Policy Generator - policygen
- Migrate DNS service to Amazon Route 53
- Transfer domain registration to Amazon Route 53
- Request an SSL certificate from Amazon ACM
Show More