Version 1.3.11 of the AWS Java SDK

This release adds support for AWS IAM Instance Profiles, including new credentials provider implementations in the SDK and updates to Amazon EC2 and Auto Scaling for IAM Instance Profiles, and also adds new features in the Amazon S3, Amazon EC2, Auto Scaling, and Amazon RDS APIs.

For more information, see the full release notes:
http://aws.amazon.com/releasenotes/1487388672444310

META-INF/MANIFEST.MF

@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: AWS SDK for Java
 Bundle-SymbolicName: com.amazonaws.sdk;singleton:=true
-Bundle-Version: 1.3.10
+Bundle-Version: 1.3.11
 Bundle-Vendor: Amazon Technologies, Inc
 Bundle-RequiredExecutionEnvironment: JavaSE-1.6
 Require-Bundle: org.apache.commons.codec;bundle-version="1.3.0",

pom.xml

@@ -6,7 +6,7 @@
     <artifactId>aws-java-sdk</artifactId>
     <packaging>jar</packaging>
     <name>AWS SDK for Java</name>
-    <version>1.3.10</version>
+    <version>1.3.11</version>
     <description>The Amazon Web Services SDK for Java provides Java APIs for building software on AWS’ cost-effective, scalable, and reliable infrastructure products. The AWS Java SDK allows developers to code against APIs for all of Amazon's infrastructure web services (Amazon S3, Amazon EC2, Amazon SQS, Amazon Relational Database Service, Amazon AutoScaling, etc).</description>
     <url>http://aws.amazon.com/sdkforjava</url>
 

src/main/java/com/amazonaws/auth/AWSCredentialsProviderChain.java

@@ -0,0 +1,85 @@
+/*
+ * Copyright 2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+package com.amazonaws.auth;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.amazonaws.AmazonClientException;
+
+/**
+ * {@link AWSCredentialsProvider} implementation that chains together multiple
+ * credentials providers. When a caller requests credentials from this provider,
+ * it calls all the providers in the chain, in the original order specified,
+ * until one can provide credentials, and then returns those credentials. If all
+ * of the credential providers in the chain have been called, and none of them
+ * can provide credentials, then this class will throw an exception indicated
+ * that no credentials are available.
+ */
+public class AWSCredentialsProviderChain implements AWSCredentialsProvider {
+
+    private static final Log log = LogFactory.getLog(AWSCredentialsProviderChain.class);
+
+    private List<AWSCredentialsProvider> credentialsProviders =
+        new LinkedList<AWSCredentialsProvider>();
+
+
+    /**
+     * Constructs a new AWSCredentialsProviderChain with the specified
+     * credential providers. When credentials are requested from this provider,
+     * it will call each of these credential providers in the same order
+     * specified here until one of them returns AWS security credentials.
+     *
+     * @param credentialsProviders
+     *            The chain of credentials providers.
+     */
+    public AWSCredentialsProviderChain(AWSCredentialsProvider... credentialsProviders) {
+        if (credentialsProviders == null || credentialsProviders.length == 0)
+            throw new IllegalArgumentException("No credential providers specified");
+
+        for (AWSCredentialsProvider provider : credentialsProviders) {
+            this.credentialsProviders.add(provider);
+        }
+    }
+
+    public AWSCredentials getCredentials() {
+        for (AWSCredentialsProvider provider : credentialsProviders) {
+            try {
+                AWSCredentials credentials = provider.getCredentials();
+
+                if (credentials.getAWSAccessKeyId() != null &&
+                    credentials.getAWSSecretKey() != null) {
+                    log.debug("Loading credentials from " + provider.toString());
+                    return credentials;
+                }
+            } catch (Exception e) {
+                // Ignore any exceptions and move onto the next provider
+                log.debug("Unable to load credentials from " + provider.toString() +
+                          ": " + e.getMessage());
+            }
+        }
+
+        throw new AmazonClientException("Unable to load AWS credentials from any provider in the chain");
+    }
+
+    public void refresh() {
+        for (AWSCredentialsProvider provider : credentialsProviders) {
+            provider.refresh();
+        }
+    }
+}

src/main/java/com/amazonaws/auth/ClasspathPropertiesFileCredentialsProvider.java

@@ -0,0 +1,97 @@
+/*
+ * Copyright 2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+package com.amazonaws.auth;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import com.amazonaws.AmazonClientException;
+
+/**
+ * {@link AWSCredentialsProvider} implementation that loads AWS security
+ * credentials from a properties file on the classpath. The default
+ * constructor creates a credentials provider that loads the credentials
+ * from a file named <code>AwsCredentials.properties</code> on the
+ * classpath, but which file to use from the classpath can also be controled
+ * through the one-argument constructor.
+ * <p>
+ * The AWS access key ID is expected to be in the <code>accessKey</code>
+ * property and the AWS secret key is expected to be in the
+ * <code>secretKey</code> property.
+ */
+public class ClasspathPropertiesFileCredentialsProvider implements AWSCredentialsProvider {
+
+    /** The name of the properties file to check for credentials */
+    private static String DEFAULT_PROPERTIES_FILE = "AwsCredentials.properties";
+
+    private final String credentialsFilePath;
+
+    /**
+     * Creates a new ClasspathPropertiesFileCredentialsProvider that will
+     * attempt to load the <code>AwsCredentials.properties</code> file from
+     * the classpath to read AWS security credentials.
+     */
+    public ClasspathPropertiesFileCredentialsProvider() {
+        this(DEFAULT_PROPERTIES_FILE);
+    }
+
+    /**
+     * Creates a new ClasspathPropertiesFileCredentialsProvider that will
+     * attempt to load a custom file from the classpath to read AWS security
+     * credentials.
+     *
+     * @param credentialsFilePath
+     *            The custom classpath resource path to a properties file
+     *            from which the AWS security credentials should be loaded.
+     *
+     *            For example,
+     *            <ul>
+     *              <li>com/mycompany/credentials.properties</li>
+     *              <li>beta-credentials.properties</li>
+     *              <li>AwsCredentials.properties</li>
+     *            </ul>
+     */
+    public ClasspathPropertiesFileCredentialsProvider(String credentialsFilePath) {
+        if (credentialsFilePath == null)
+            throw new IllegalArgumentException("Credentials file path cannot be null");
+
+        // Make sure the path is absolute
+        if (!credentialsFilePath.startsWith("/")) {
+            this.credentialsFilePath = "/" + credentialsFilePath;
+        } else {
+            this.credentialsFilePath = credentialsFilePath;
+        }
+    }
+
+    public AWSCredentials getCredentials() {
+        InputStream inputStream = getClass().getResourceAsStream(credentialsFilePath);
+        if (inputStream == null) {
+            throw new AmazonClientException("Unable to load AWS credentials from the " + credentialsFilePath + " file on the classpath");
+        }
+
+        try {
+            return new PropertiesCredentials(inputStream);
+        } catch (IOException e) {
+            throw new AmazonClientException("Unable to load AWS credentials from the " + credentialsFilePath + " file on the classpath", e);
+        }
+    }
+
+    public void refresh() {}
+
+    @Override
+    public String toString() {
+        return getClass().getSimpleName() + "(" + credentialsFilePath + ")";
+    }
+}

src/main/java/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+package com.amazonaws.auth;
+
+/**
+ * AWS credentials provider chain that looks for credentials in this order:
+ * <ul>
+ *   <li>Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY</li>
+ *   <li>Java System Properties - aws.accessKeyId and aws.secretKey</li>
+ *   <li>Instance profile credentials delivered through the Amazon EC2 metadata service</li>
+ * </ul>
+ *
+ * @see EnvironmentVariableCredentialsProvider
+ * @see SystemPropertiesCredentialsProvider
+ * @see InstanceProfileCredentialsProvider
+ */
+public class DefaultAWSCredentialsProviderChain extends AWSCredentialsProviderChain {
+    public DefaultAWSCredentialsProviderChain() {
+        super(new EnvironmentVariableCredentialsProvider(),
+              new SystemPropertiesCredentialsProvider(),
+              new InstanceProfileCredentialsProvider());
+    }
+}

src/main/java/com/amazonaws/auth/EnvironmentVariableCredentialsProvider.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+package com.amazonaws.auth;
+
+import com.amazonaws.AmazonClientException;
+
+/**
+ * {@link AWSCredentialsProvider} implementation that provides credentials
+ * by looking at the <code>AWS_ACCESS_KEY_ID</code> and
+ * <code>AWS_SECRET_KEY</code> environment variables.
+ */
+public class EnvironmentVariableCredentialsProvider implements AWSCredentialsProvider {
+
+    /** Environment variable name for the AWS access key ID */
+    private static final String ACCESS_KEY_ENV_VAR = "AWS_ACCESS_KEY_ID";
+
+    /** Environment variable name for the AWS secret key */
+    private static final String SECRET_KEY_ENV_VAR = "AWS_SECRET_KEY";
+
+    public AWSCredentials getCredentials() {
+        if (System.getenv(ACCESS_KEY_ENV_VAR) != null &&
+            System.getenv(SECRET_KEY_ENV_VAR) != null) {
+
+            return new BasicAWSCredentials(
+                    System.getenv(ACCESS_KEY_ENV_VAR),
+                    System.getenv(SECRET_KEY_ENV_VAR));
+        }
+
+        throw new AmazonClientException(
+                "Unable to load AWS credentials from environment variables " +
+                "(" + ACCESS_KEY_ENV_VAR + " and " + SECRET_KEY_ENV_VAR + ")");
+    }
+
+    public void refresh() {}
+
+    @Override
+    public String toString() {
+        return getClass().getSimpleName();
+    }
+}

src/main/java/com/amazonaws/auth/InstanceProfileCredentialsProvider.java

@@ -0,0 +1,98 @@
+/*
+ * Copyright 2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+package com.amazonaws.auth;
+
+import java.io.IOException;
+import java.text.ParseException;
+import java.util.Date;
+
+import com.amazonaws.AmazonClientException;
+import com.amazonaws.internal.EC2MetadataClient;
+import com.amazonaws.util.DateUtils;
+import com.amazonaws.util.json.JSONException;
+import com.amazonaws.util.json.JSONObject;
+
+/**
+ * Credentials provider implementation that loads credentials from the Amazon
+ * EC2 Instance Metadata Service.
+ */
+public class InstanceProfileCredentialsProvider implements AWSCredentialsProvider {
+
+    private AWSCredentials credentials;
+    private Date credentialsExpiration;
+
+    public AWSCredentials getCredentials() {
+        if (needsToLoadCredentials()) loadCredentials();
+
+        return credentials;
+    }
+
+    public void refresh() {
+        loadCredentials();
+    }
+
+    private boolean needsToLoadCredentials() {
+        if (credentials == null) return true;
+
+        if (credentialsExpiration != null) {
+            int thresholdInMilliseconds = 1000 * 60 * 5;
+            boolean withinExpirationThreshold = System.currentTimeMillis() - credentialsExpiration.getTime() < thresholdInMilliseconds;
+            if (withinExpirationThreshold) return true;
+        }
+
+        return false;
+    }
+
+    private synchronized void loadCredentials() {
+        try {
+            String credentialsResponse = new EC2MetadataClient().getDefaultCredentials();
+            JSONObject jsonObject = new JSONObject(credentialsResponse);
+
+            if (jsonObject.has("Token")) {
+                credentials = new BasicSessionCredentials(
+                        jsonObject.getString("AccessKeyId"),
+                        jsonObject.getString("SecretAccessKey"),
+                        jsonObject.getString("Token"));
+            } else {
+                credentials = new BasicAWSCredentials(
+                        jsonObject.getString("AccessKeyId"),
+                        jsonObject.getString("SecretAccessKey"));
+            }
+
+            if (jsonObject.has("Expiration")) {
+                /*
+                 * TODO: The expiration string comes in a different format than
+                 *       what we deal with in other parts of the SDK, so we have
+                 *       to convert it to the ISO8601 syntax we expect.
+                 */
+                String expiration = jsonObject.getString("Expiration");
+                expiration = expiration.replaceAll("\\+0000$", "Z");
+
+                credentialsExpiration = new DateUtils().parseIso8601Date(expiration);
+            }
+        } catch (IOException e) {
+            throw new AmazonClientException("Unable to load credentials from Amazon EC2 metadata service", e);
+        } catch (JSONException e) {
+            throw new AmazonClientException("Unable to parse credentials from Amazon EC2 metadata service", e);
+        } catch (ParseException e) {
+            throw new AmazonClientException("Unable to parse credentials expiration date from Amazon EC2 metadata service", e);
+        }
+    }
+
+    @Override
+    public String toString() {
+        return getClass().getSimpleName();
+    }
+}