change aws credentials provider order and parametrize aws profile name #15
Conversation
|
Thanks for the pull request, we'll check it out soon. |
| new InstanceProfileCredentialsProvider(), | ||
| new ProfileCredentialsProvider(), | ||
| new ProfileCredentialsProvider(awsProfile), | ||
| new EC2ContainerCredentialsProviderWrapper(), |
There was a problem hiding this comment.
Suggest you look at doing something like this - verygoodsecurity@7672449#diff-bc25e29340c2c636b9eac497e8efc484R28
DefaultAWSCredentialsProviderChain - https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html
AWS credentials provider chain that looks for credentials in this order:
- Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
- Java System Properties - aws.accessKeyId and aws.secretKey
- Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
- Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable,
- Instance profile credentials delivered through the Amazon EC2 metadata service
There was a problem hiding this comment.
I know about the DefaultAWSCredentialsProviderChain. I would have used it, but I need to be able to overwrite the profileName, and the DefaultAWSCredentialsProviderChain does not allow that.
You see, in our cause we have multiple aws accounts, and our application itself needs to run under one profile, and the build under another (because our s3 bucket is located in another account).
No description provided.