AWS Java Core SDK 1.12.x - DefaultCredentialsProviderChain #3006
Comments
vpeddada-tibco
added
bug
|
Which version of 1.11.x exactly were you using? One change that could have impacted role_arn is that in SDK version 1.11.704 we increased the priority of WebIdentityTokenCredentialsProvider in the Default Credential Provider Chain, but we didn't change how the role_arn value was read. Can you show a sample of how your credentials file and config file looks like? |
debora-ito
added
response-requested
|
Hi @debora-ito , Thank you for your response. Please find the attachments for the credentials and config files. Also, I attached the AWS SDK debug logs for your reference. Let me know if you need any additional information. Thanks |
github-actions
bot
removed
the
response-requested
|
Hi @debora-ito , Do you have any further update on this issue? |
|
@vpeddada sorry for the silence, I'll take a look at the logs shortly. |
|
@vpeddada I found the change that may have impacted this. We have an old feature request (#803) asking to make assume role properties in the credentials and config files in the Java SDK more similar to the AWS CLI behavior - you can read more details on the issue over there. While we can't make the asked changes without breaking backwards compatibility, in version
What I'm finding weird is that after the change, having the role_arn in the config file should work. I'm still investigating this. |
|
Actually I tried to reproduce the issue locally but I couldn't, in both older and newer versions. Are you sure the role_arn is not being picked up from the config file? |
debora-ito
added
the
response-requested
|
It looks like this issue has not been active for more than five days. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please add a comment to prevent automatic closure, or if the issue is already closed please feel free to reopen it. |
github-actions
bot
added
closing-soon
Describe the bug
Hi Team,
We have recently migrated the AWS Java SDK for S3 and it's dependencies from 1.11.x to 1.12.x. During the course of evaluation, we observed that for DefaultCredentialsProviderChain type of authentication using the Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI, the SDK is not able to detect the role_arn for cross account access from the config file.
However if we provide the role_arn in credentials file, then it's picking it up successfully. Until 1.11.x it's working in line with AWS CLI where it reads the AWS Credentilas from Credentials file and role_arn from Config file.
Hence we would like to know if changes have been induced in the AWS Core SDK in 1.12.x or if this is a defect in the SDK as the behavior changed from 1.11.x to 1.12.x.
Expected Behavior
Ideally the SDK should be able to read role_arn from config file as per the older version of the SDK.
Current Behavior
Currently with 1.12.x version the SDK couldn't read the role_arn from config file.
Reproduction Steps
AmazonS3Client s3client =AmazonS3ClientBuilder.standard()
.withCredentials(credentialsProvider).build();
Configure the Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI.
Provide role_arn in config file.
Possible Solution
I have checked the changelog from https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md location but couldn't find any references of DefaultCredentialsProvider. Hence I request you to clear this query if this change of behavior is intentionally induced by the SDK team
Additional Information/Context
However if we provide the role_arn in credentials file, then it's picking it up successfully. Until 1.11.x it's working in line with AWS CLI where it reads the AWS Credentials from Credentials file and role_arn from Config file.
AWS Java SDK version used
1.12.411
JDK version used
1.8
Operating System and version
Windows 10
The text was updated successfully, but these errors were encountered: