create a Java application, which will use an ec2 role to access the restricted s3 bucket on Local

Question

  AmazonS3 s3;
  s3  = AmazonS3ClientBuilder.standard().withRegion(region).build();
  return s3;

I am creating s3 client without providing any credentials now If I use any api using this s3 client it will throw an saying access denied.

  AWSCredentials credentials = new BasicAWSCredentials(accessKey, accessSecret);
  return AmazonS3ClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(credentials))
            .withRegion(region).build();

With using this code it will work but I dont want to provide accessKey and accessSecret. I have created a role with s3bucket full access and ec2 full access. Now how to create a Java application, which will use an ec2 role to access the restricted s3 bucket on Localwithout access key and secret key

Answer 1

Instead of using the BasicAwsCredentials provider use the com.amazonaws.auth.DefaultAWSCredentialsProviderChain to get the credentials instance. The DefaultAWSCredentialsProvider goes in the below order.

AWS credentials provider chain that looks for credentials in this order:

• Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
• Java System Properties - aws.accessKeyId and aws.secretKey
• Web Identity Token credentials from the environment or container
• Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
• Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable,
• Instance profile credentials delivered through the Amazon EC2 metadata service