/**
* The only information needed to create a client are security credentials - your AWS Access Key
* ID and Secret Access Key. All other configuration, such as the service endpoints have defaults
* provided.
*
* <p>Additional client parameters, such as proxy configuration, can be specified in an optional
* ClientConfiguration object when constructing a client.
*
* @see com.amazonaws.auth.BasicAWSCredentials
* @see com.amazonaws.auth.PropertiesCredentials
* @see com.amazonaws.ClientConfiguration
*/
private static void init() throws Exception {
/*
* ProfileCredentialsProvider loads AWS security credentials from a
* .aws/config file in your home directory.
*
* These same credentials are used when working with the AWS CLI.
*
* You can find more information on the AWS profiles config file here:
* http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
*/
AWSCredentialsProvider credentialsProvider = new ProfileCredentialsProvider();
if (credentialsProvider.getCredentials() == null) {
File configFile = new File(System.getProperty("user.home"), ".aws/config");
throw new RuntimeException(
"No AWS security credentials found:\n"
+ "Make sure you've configured your credentials in: "
+ configFile.getAbsolutePath()
+ "\n"
+ "For more information on configuring your credentials, see "
+ "http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html");
}
ec2 = new AmazonEC2Client(credentialsProvider);
s3 = new AmazonS3Client(credentialsProvider);
}
/** Returns the AWS credentials for the specified profile. */
public AWSCredentials getCredentials(String profileName) {
final AWSCredentialsProvider provider = credentialProviderCache.get(profileName);
if (provider != null) {
return provider.getCredentials();
} else {
BasicProfile profile = allProfiles.getProfile(profileName);
if (profile == null) {
throw new IllegalArgumentException("No AWS profile named '" + profileName + "'");
}
final AWSCredentialsProvider newProvider = fromProfile(profile);
credentialProviderCache.put(profileName, newProvider);
return newProvider.getCredentials();
}
}
private <X, Y extends AmazonWebServiceRequest> Response<X> invoke(
Request<Y> request,
HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler,
ExecutionContext executionContext) {
request.setEndpoint(endpoint);
request.setTimeOffset(timeOffset);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
AWSCredentials credentials;
awsRequestMetrics.startEvent(Field.CredentialsRequestTime);
try {
credentials = awsCredentialsProvider.getCredentials();
} finally {
awsRequestMetrics.endEvent(Field.CredentialsRequestTime);
}
AmazonWebServiceRequest originalRequest = request.getOriginalRequest();
if (originalRequest != null && originalRequest.getRequestCredentials() != null) {
credentials = originalRequest.getRequestCredentials();
}
executionContext.setCredentials(credentials);
DefaultErrorResponseHandler errorResponseHandler =
new DefaultErrorResponseHandler(exceptionUnmarshallers);
return client.execute(request, responseHandler, errorResponseHandler, executionContext);
}
@Override
public void signRequest(HttpUriRequest request) {
AWSCredentials credentials = awsCredentialsProvider.getCredentials();
if (credentials instanceof AWSSessionCredentials) {
request.addHeader(
SESSION_TOKEN_HEADER, ((AWSSessionCredentials) credentials).getSessionToken());
}
String canonicalRequest = createCanonicalRequest(request);
log.debug("canonicalRequest: " + canonicalRequest);
String[] requestParts = canonicalRequest.split("\n");
String signedHeaders = requestParts[requestParts.length - 2];
String stringToSign = createStringToSign(canonicalRequest);
log.debug("stringToSign: " + stringToSign);
String authScope = stringToSign.split("\n")[2];
String signature = createSignature(stringToSign);
String authHeader =
String.format(
AUTH_HEADER_FORMAT,
credentials.getAWSAccessKeyId(),
authScope,
signedHeaders,
signature);
request.addHeader(AUTH_HEADER_NAME, authHeader);
}
byte[] getSignatureKey() {
byte[] secret = getBytes("AWS4" + awsCredentialsProvider.getCredentials().getAWSSecretKey());
byte[] date = hmacSHA256(datestamp(), secret);
byte[] retion = hmacSHA256(regionName, date);
byte[] service = hmacSHA256(serviceName, retion);
return hmacSHA256("aws4_request", service);
}
private <X, Y extends AmazonWebServiceRequest> X invoke(
Request<Y> request, Unmarshaller<X, StaxUnmarshallerContext> unmarshaller) {
request.setEndpoint(endpoint);
request.setTimeOffset(timeOffset);
for (Entry<String, String> entry :
request.getOriginalRequest().copyPrivateRequestParameters().entrySet()) {
request.addParameter(entry.getKey(), entry.getValue());
}
AWSCredentials credentials = awsCredentialsProvider.getCredentials();
AmazonWebServiceRequest originalRequest = request.getOriginalRequest();
if (originalRequest != null && originalRequest.getRequestCredentials() != null) {
credentials = originalRequest.getRequestCredentials();
}
ExecutionContext executionContext = createExecutionContext();
executionContext.setSigner(signer);
executionContext.setCredentials(credentials);
StaxResponseHandler<X> responseHandler = new StaxResponseHandler<X>(unmarshaller);
DefaultErrorResponseHandler errorResponseHandler =
new DefaultErrorResponseHandler(exceptionUnmarshallers);
return (X) client.execute(request, responseHandler, errorResponseHandler, executionContext);
}
/**
* Computes the presigned URL for the given S3 resource.
*
* @param path String like "/bucketName/folder/folder/abc.txt" that represents the resource to
* request.
*/
public URL buildPresignedURL(String path) throws AmazonClientException {
AWSCredentials credentials = awsCredentialsProvider.getCredentials();
long expires = System.currentTimeMillis() + 60 * 60 * 1000;
GeneratePresignedUrlRequest request =
new GeneratePresignedUrlRequest(path, credentials.getAWSSecretKey());
request.setExpiration(new Date(expires));
AmazonS3 s3 = new AmazonS3Client(credentials);
return s3.generatePresignedUrl(request);
}
private static void configure(String propertiesFile) throws IOException {
if (propertiesFile != null) {
loadProperties(propertiesFile);
}
// ensure the JVM will refresh the cached IP values of AWS resources (e.g. service endpoints).
java.security.Security.setProperty("networkaddress.cache.ttl", "60");
String workerId = InetAddress.getLocalHost().getCanonicalHostName() + ":" + UUID.randomUUID();
LOG.info("Using workerId: " + workerId);
// Get credentials from IMDS. If unsuccessful, get them from the credential profiles file.
AWSCredentialsProvider credentialsProvider = null;
try {
credentialsProvider = new InstanceProfileCredentialsProvider();
// Verify we can fetch credentials from the provider
credentialsProvider.getCredentials();
LOG.info("Obtained credentials from the IMDS.");
} catch (AmazonClientException e) {
LOG.info("Unable to obtain credentials from the IMDS, trying classpath properties", e);
credentialsProvider = new ProfileCredentialsProvider();
// Verify we can fetch credentials from the provider
credentialsProvider.getCredentials();
LOG.info("Obtained credentials from the properties file.");
}
LOG.info(
"Using credentials with access key id: "
+ credentialsProvider.getCredentials().getAWSAccessKeyId());
kinesisClientLibConfiguration =
new KinesisClientLibConfiguration(
applicationName, streamName, credentialsProvider, workerId)
.withInitialPositionInStream(initialPositionInStream)
.withRegionName(kinesisEndpoint);
}
private <X, Y extends AmazonWebServiceRequest> Response<X> invoke(
Request<Y> request,
Unmarshaller<X, StaxUnmarshallerContext> unmarshaller,
ExecutionContext executionContext) {
request.setEndpoint(endpoint);
request.setTimeOffset(timeOffset);
AmazonWebServiceRequest originalRequest = request.getOriginalRequest();
AWSCredentials credentials = awsCredentialsProvider.getCredentials();
if (originalRequest.getRequestCredentials() != null) {
credentials = originalRequest.getRequestCredentials();
}
executionContext.setCredentials(credentials);
StaxResponseHandler<X> responseHandler = new StaxResponseHandler<X>(unmarshaller);
DefaultErrorResponseHandler errorResponseHandler =
new DefaultErrorResponseHandler(exceptionUnmarshallers);
return client.execute(request, responseHandler, errorResponseHandler, executionContext);
}
@Override
public AWSCredentials getCredentials() {
return credentialsProvider.getCredentials();
}