AmazonS3ClientBuilder assumed the Node role instead of ServiceAccount role #3648

Closed
harmeet-singh-discovery opened this issue Jun 9, 2023 · 0 comments · Fixed by #3696


Expected Behavior

When the Java server runs on an AWS EKS pod, I get the following error:
Caused by: com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied;

After debugging, I found that the S3Client that interacts with S3 assumed the Node role, instead of the ServiceAccount Role.

Current Behavior

The S3Client that interacts with S3 assumed the Node role, instead of the ServiceAccount Role.

Steps to reproduce

Specifications

  • Version:
  • Platform:
  • Subsystem:

Possible Solution

I made the following change and deployed the Java service on AWS EKS. I was able to run the server without encountering the above-mentioned error.

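```java
// AWS SDK for Java v1 classes used below
import com.amazonaws.auth.WebIdentityTokenCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;

@Provides
public AmazonS3 awsStorage(ApplicationProperties applicationProperties) {
  AmazonS3ClientBuilder builder =
      AmazonS3ClientBuilder.standard()
          .withRegion(applicationProperties.getFeast().getAwsRegion());
  // Role ARN and web identity token file path, read from the application properties
  String roleArn = applicationProperties.getFeast().getRoleRegion();
  String webIdentityTokenFile = applicationProperties.getFeast().getToken();

  // Use web identity credentials explicitly when both values are configured
  if (roleArn != null && webIdentityTokenFile != null) {
    WebIdentityTokenCredentialsProvider credentialsProvider =
        WebIdentityTokenCredentialsProvider.builder()
            .roleArn(roleArn)
            .webIdentityTokenFile(webIdentityTokenFile)
            .build();

    builder.withCredentials(credentialsProvider);
  }
  // Otherwise the builder keeps the SDK's default credential resolution
  return builder.build();
}
```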
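
A diagnostic for the behaviour reported above, added here as an example (not code from the issue or from the project): it asks STS which principal the AWS SDK for Java v1 default credential chain resolves to and compares it with the role named in `AWS_ROLE_ARN`. The class name and the sample ARNs are constructed, and it assumes the pod carries the standard `AWS_ROLE_ARN` / `AWS_WEB_IDENTITY_TOKEN_FILE` variables and a resolvable region.

```java
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;

// Added example, not project code. Needs aws-java-sdk-sts (v1) on the classpath.
public class CallerRoleCheck { // hypothetical class name

  // IAM role ARN "arn:aws:iam::<acct>:role[/path]/<name>" -> "<name>"
  static String roleNameFromIamArn(String arn) {
    return arn.substring(arn.lastIndexOf('/') + 1);
  }

  // STS caller ARN "arn:aws:sts::<acct>:assumed-role/<name>/<session>" -> "<name>",
  // or null when the caller is not an assumed role (for example an IAM user).
  static String roleNameFromCallerArn(String arn) {
    String marker = ":assumed-role/";
    int start = arn.indexOf(marker);
    if (start < 0) return null;
    String rest = arn.substring(start + marker.length());
    int slash = rest.indexOf('/');
    return slash < 0 ? rest : rest.substring(0, slash);
  }

  // A node instance role also shows up as "assumed-role", so compare role names.
  static boolean matches(String expectedRoleArn, String callerArn) {
    String actual = roleNameFromCallerArn(callerArn);
    return actual != null && actual.equals(roleNameFromIamArn(expectedRoleArn));
  }

  public static void main(String[] args) {
    // Constructed sample ARNs: offline check of the comparison logic.
    String want = "arn:aws:iam::111122223333:role/feast-serving-sa";
    String node = "arn:aws:sts::111122223333:assumed-role/eks-node-role/i-0123456789abcdef0";
    String pod = "arn:aws:sts::111122223333:assumed-role/feast-serving-sa/session-1";
    if (matches(want, node) || !matches(want, pod)) throw new AssertionError("self-check");

    // Live check inside the pod; assumes the region is resolvable from the environment.
    String expected = System.getenv("AWS_ROLE_ARN");
    if (expected == null || System.getenv("AWS_WEB_IDENTITY_TOKEN_FILE") == null) {
      System.err.println("AWS_ROLE_ARN / AWS_WEB_IDENTITY_TOKEN_FILE not set in this pod");
      System.exit(2);
    }
    String caller = AWSSecurityTokenServiceClientBuilder.standard()
        .withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
        .build().getCallerIdentity(new GetCallerIdentityRequest()).getArn();
    System.out.println("expected " + expected + ", resolved " + caller);
    if (!matches(expected, caller)) System.exit(1); // SDK fell back to another identity
  }
}
```

Exit status 1 means the default chain resolved to a principal other than the ServiceAccount role, which is the condition described in this issue; status 2 means the pod was not given the web identity variables at all.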