FISH-7866 AWS SDK Security Token Service (STS) support #751
This PR adds support for AWS STS auth in Payara Cloud Connector - AWS SQS
To enhance security and provide temporary, limited-access credentials for your Java application using Payara Cloud Connector for AWS SQS, integrate with AWS Security Token Service (STS) through Identity and Access Management (IAM). Follow these steps to set up STS integration:
Creating IAM Role
Steps:
Open the IAM Console
Create an IAM Role
Add permissions
Role details
Retrieve User ARN
Retrieve Role ARN
Update Trust Relationship
Make sure to replace the values with your specific IAM user ARN and role ARN.
roleSessionName: choose a logical name for your session (e.g., "PayaraSQSSession").
Conclusion
It's crucial to establish a link between the IAM user's ARN and the IAM role's Trust Relationship by configuring the Trust Relationship with the user's ARN. This linkage ensures that the IAM user has the necessary permissions to assume the role. Additionally, for seamless integration, configure the roleArn and roleSessionName in the Payara Cloud Connector AWS SQS:
roleArn: The ARN of the IAM role you've just created.
roleSessionName: A logical name for your session (e.g., "PayaraSQSSession").
These values play a crucial role in the configuration of Payara Cloud Connector AWS SQS, enabling your Java application to establish the necessary connections securely.
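As an added example (not code from this PR or from Payara), a small Python script that builds the role's Trust Relationship and permissions policy from the steps above and flags a trust policy that is broader than "this one IAM user may assume this role". The ARNs are constructed placeholders, and the list of SQS actions is an assumption about what the connector needs, not something the PR states.

```python
"""Build and review the IAM documents for the STS setup above
(constructed example; the ARNs are placeholders, not real accounts)."""
import json

# Placeholder ARNs (constructed). Use the user and queue ARNs from your IAM console.
USER_ARN = "arn:aws:iam::123456789012:user/payara-sqs-user"
QUEUE_ARN = "arn:aws:sqs:eu-west-1:123456789012:payara-queue"

def trust_policy(user_arn: str) -> dict:
    """Trust relationship for the role: only the named IAM user may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": user_arn},
            "Action": "sts:AssumeRole",
        }],
    }

def queue_permissions(queue_arn: str) -> dict:
    """Permissions policy attached to the role: the SQS actions the connector is
    assumed to need, scoped to one queue instead of Resource '*'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["sqs:SendMessage", "sqs:ReceiveMessage",
                       "sqs:DeleteMessage", "sqs:GetQueueAttributes"],
            "Resource": queue_arn,
        }],
    }

def trust_policy_findings(policy: dict) -> list:
    """Review check: flag trust statements that let anyone, or the whole account
    (:root), assume the role, or that grant more than sts:AssumeRole."""
    findings = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        for p in (aws if isinstance(aws, list) else [aws]):
            if p == "*" or (isinstance(p, str) and p.endswith(":root")):
                findings.append(f"overly broad principal: {p}")
        actions = stmt.get("Action")
        for a in (actions if isinstance(actions, list) else [actions]):
            if a != "sts:AssumeRole":
                findings.append(f"unexpected action in trust policy: {a}")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(USER_ARN), indent=2))
    print(json.dumps(queue_permissions(QUEUE_ARN), indent=2))
    print(trust_policy_findings(trust_policy(USER_ARN)))  # []
```

Paste the first document into the role's Trust Relationship and attach the second as the role's permissions policy; the findings list is what a reviewer would check before approving the role.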
Sending Messages
Sending messages to Amazon SQS can be done via the JCA and an Amazon-specific API. Define a resource using the JCA API and a connection factory. The following Java code provides an example:
With this definition, you can send messages using the following example code:
Receiving Messages
Messages can be received from Amazon SQS by creating an MDB (Message Driven Bean) that implements the fish.payara.cloud.connectors.amazonsqs.api.AmazonSQSListener marker interface. Below is an example:
Documentation
payara/Payara-Documentation#394 (Payara6)
payara/Payara-Documentation#393 (Payara5)