![](/img/trans.png)
[英]How can I configure spring app to use IAM Role(running inside AWS ECS) on aws and credentials on dev env?
[英]How to use AWS KMS with java sdk to be able to resolve IAM credentials into ECS env?
我有一個使用憑據構建的加密服務
public AWSKMS kms() {
final AWSKMSClientBuilder builder = AWSKMSClient.builder();
if (!properties.getAccessKey().isEmpty() && !properties.getSecretKey().isEmpty()) {
builder.withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(properties.getAccessKey(), properties.getSecretKey())));
}
if (Optional.ofNullable(properties.getEndpoint()).isPresent()) {
builder.withEndpointConfiguration(new EndpointConfiguration(properties.getEndpoint().getServiceEndpoint(), properties.getEndpoint().getSigningRegion()));
} else {
Optional.ofNullable(properties.getRegion()).ifPresent(builder::setRegion);
}
return builder.build();
}
此服務是否可以從 IAM 角色檢索憑證?
一旦您擁有使用 StS 提取的信用,您就可以請求擔任一個角色,您的信用將更新為具有該角色權限的人。
就像是,
樣品:
擔任角色 AssumeRole
AWSSecurityTokenService client = AWSSecurityTokenServiceClientBuilder.standard().build();
AssumeRoleRequest request = new AssumeRoleRequest().withRoleArn("arn:aws:iam::123456789012:role/demo").withRoleSessionName("Bob")
.withPolicy("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}")
.withDurationSeconds(3600).withExternalId("123ABC");
AssumeRoleResult response = client.assumeRole(request);
AWS 在Java的 SDK 中對其進行了概述
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.