
Commit 01ba6d3

committed
AWS S3 Use IAM Cretendials when possible.
1 parent 125a725 commit 01ba6d3


1 file changed

+17
-8
lines changed


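--- a/gxexternalproviders/src/main/java/com/genexus/db/driver/ExternalProviderS3.java
+++ b/gxexternalproviders/src/main/java/com/genexus/db/driver/ExternalProviderS3.java
@@ -1,5 +1,6 @@
 package com.genexus.db.driver;
 
+import com.amazonaws.auth.*;
 import com.amazonaws.client.builder.AwsClientBuilder;
 import com.amazonaws.services.s3.model.*;
 import com.amazonaws.services.s3.AmazonS3ClientBuilder;
@@ -14,9 +15,7 @@
 import java.io.File;
 import java.io.InputStream;
 import java.io.ByteArrayInputStream;
-import com.amazonaws.auth.AWSCredentials;
-import com.amazonaws.auth.BasicAWSCredentials;
-import com.amazonaws.auth.AWSStaticCredentialsProvider;
+
 import com.amazonaws.services.s3.AmazonS3;
 import com.amazonaws.services.s3.AmazonS3Client;
 import com.amazonaws.util.IOUtils;
@@ -41,6 +40,7 @@ public class ExternalProviderS3 extends ExternalProviderBase implements External
 static final String STORAGE_ENDPOINT = "ENDPOINT";
 static final String BUCKET = "BUCKET_NAME";
 static final String REGION = "REGION";
+static final String USE_IAM = "USE_IAM";
 
 //Keep it for compatibility reasons
 @Deprecated
@@ -90,8 +90,8 @@ public ExternalProviderS3(GXService providerService) throws Exception{
 }
 
 private void initialize() throws Exception{
-String accessKey = getEncryptedPropertyValue(ACCESS_KEY, ACCESS_KEY_ID_DEPRECATED);
-String secretKey = getEncryptedPropertyValue(SECRET_ACCESS_KEY, SECRET_ACCESS_KEY_DEPRECATED);
+String accessKey = getEncryptedPropertyValue(ACCESS_KEY, ACCESS_KEY_ID_DEPRECATED, "");
+String secretKey = getEncryptedPropertyValue(SECRET_ACCESS_KEY, SECRET_ACCESS_KEY_DEPRECATED, "");
 String bucket = getEncryptedPropertyValue(BUCKET, BUCKET_DEPRECATED);
 String folder = getPropertyValue(FOLDER, FOLDER_DEPRECATED, "");
 String region = getPropertyValue(REGION, REGION_DEPRECATED, DEFAULT_REGION);
@@ -109,19 +109,28 @@ private void initialize() throws Exception{
 if (region.length() == 0) {
 region = DEFAULT_REGION;
 }
+
 this.bucket = bucket;
 this.folder = folder;
-this.client = buildS3Client(accessKey, secretKey, endpointValue, region);
 
+this.client = buildS3Client(accessKey, secretKey, endpointValue, region);
 bucketExists();
 ensureFolder(folder);
 }
 }
 
 private AmazonS3 buildS3Client(String accessKey, String secretKey, String endpoint, String region) {
 AmazonS3 s3Client;
-AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
-AmazonS3ClientBuilder builder = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(credentials));
+
+boolean bUseIAM = !getPropertyValue(USE_IAM, "", "").isEmpty() || (accessKey.equals("") && secretKey.equals(""));
+
+AmazonS3ClientBuilder builder = bUseIAM ?
+AmazonS3ClientBuilder.standard():
+AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)));
+
+if (bUseIAM) {
+logger.debug("Using IAM Credentials");
+}
 
 if (endpoint.length() > 0 && !endpoint.contains(".amazonaws.com")) {
 pathStyleUrls = true;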
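Review bot: The `bUseIAM` expression at new line 125 of `buildS3Client` treats any non-empty `USE_IAM` value as true, so a setting such as `USE_IAM=false` would still discard the configured keys, and it also switches to ambient credentials without any visible signal whenever both keys come back empty. With no provider set, `AmazonS3ClientBuilder.standard()` resolves credentials through the SDK's default provider chain (environment variables, system properties, profile file, container or instance role), so a deployment that merely lost its key properties would start acting under whatever identity the host carries, and the debug message "Using IAM Credentials" may not describe what was actually selected. If the property is meant to be a boolean, parse it strictly, e.g. `boolean bUseIAM = Boolean.parseBoolean(getPropertyValue(USE_IAM, "", "")) || (accessKey.isEmpty() && secretKey.isEmpty());`, and log the fallback at a level operators will see. The case where only one of the two keys is set should be rejected with a clear configuration error instead of reaching `new BasicAWSCredentials(accessKey, secretKey)` with an empty string. The body of `buildS3Client` continues past the end of this hunk.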
