List of usage examples for com.amazonaws.services.securitytoken.model Credentials getSessionToken
public String getSessionToken()
The token that users must pass to the service API to use the temporary credentials.
From source file:awslabs.lab41.Lab41.java
License:Open Source License
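/** Upper bound on how long to wait for a freshly created IAM policy to propagate to STS. */
private static final long ROLE_PROPAGATION_TIMEOUT_MS = 30 * 1000L;

/** Pause between AssumeRole attempts while waiting for policy propagation. */
private static final long ROLE_PROPAGATION_RETRY_MS = 1000L;

/**
 * Runs the "app mode" part of the lab: assumes the developer and production roles,
 * builds S3 clients from the returned temporary credentials and reports which of
 * IAM, SQS, SNS and the lab buckets each session can reach.
 *
 * @param labVariables role ARNs and bucket names for this lab run
 * @throws InterruptedException if interrupted while waiting for policy propagation
 * @throws IOException propagated from the lab helpers
 */
public void appMode_Run(LabVariables labVariables) throws InterruptedException, IOException {
    AWSCredentials credentials = getCredentials("appmode");
    AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(credentials);
    // Optional: pin STS to the lab region with stsClient.setRegion(Lab41.region);

    Credentials devCredentials;
    Credentials prodCredentials;
    try {
        System.out.println("\nAssuming developer role to retrieve developer session credentials.");
        devCredentials = assumeRoleWithRetry(stsClient, labVariables.getDevelopmentRoleArn(), "dev_session");

        System.out.println("\nAssuming production role to retrieve production session credentials.");
        prodCredentials = assumeRoleWithRetry(stsClient, labVariables.getProductionRoleArn(), "prod_session");
    } finally {
        // The STS client is only needed to obtain the two sessions; release its connection pool.
        stsClient.shutdown();
    }

    System.out.println("\nCreating S3 client objects.");
    AmazonS3Client devS3Client = labCode.appMode_CreateS3Client(devCredentials, Lab41.region);
    AmazonS3Client prodS3Client = labCode.appMode_CreateS3Client(prodCredentials, Lab41.region);
    try {
        testSession("Developer", devCredentials, devS3Client, labVariables);
        testSession("Production", prodCredentials, prodS3Client, labVariables);
    } finally {
        devS3Client.shutdown();
        prodS3Client.shutdown();
    }
}

/**
 * Calls AssumeRole, retrying on {@code AccessDenied} because a policy created moments
 * ago may not have propagated to STS yet. Gives up after
 * {@link #ROLE_PROPAGATION_TIMEOUT_MS} by rethrowing the last AccessDenied error; any
 * other service error is rethrown immediately.
 *
 * @param stsClient   client used for the AssumeRole call
 * @param roleArn     role to assume
 * @param sessionName session name recorded with the assumed-role identity
 * @return the temporary credentials for the role session
 * @throws InterruptedException if interrupted while sleeping between attempts
 * @throws IOException propagated from the lab helper
 */
private Credentials assumeRoleWithRetry(AWSSecurityTokenServiceClient stsClient, String roleArn,
        String sessionName) throws InterruptedException, IOException {
    long deadline = System.currentTimeMillis() + ROLE_PROPAGATION_TIMEOUT_MS;
    while (true) {
        try {
            return labCode.appMode_AssumeRole(stsClient, roleArn, sessionName);
        } catch (AmazonServiceException ase) {
            if (!"AccessDenied".equals(ase.getErrorCode())) {
                throw ase;
            }
            if (System.currentTimeMillis() >= deadline) {
                System.out.println();
                throw ase; // Stop waiting.
            }
            System.out.print(".");
            Thread.sleep(ROLE_PROPAGATION_RETRY_MS);
        }
    }
}

/**
 * Prints which services the given temporary credentials can reach.
 *
 * @param label        "Developer" or "Production", used only in the banner line
 * @param credentials  STS credentials for the session under test
 * @param s3Client     S3 client already built from the same credentials
 * @param labVariables supplies the bucket names to probe
 * @throws InterruptedException propagated from the lab helpers
 * @throws IOException propagated from the lab helpers
 */
private void testSession(String label, Credentials credentials, AmazonS3Client s3Client,
        LabVariables labVariables) throws InterruptedException, IOException {
    System.out.println("\nTesting " + label + " Session...");
    // All three parts are needed: the session token is what makes the temporary key pair valid.
    BasicSessionCredentials session = new BasicSessionCredentials(credentials.getAccessKeyId(),
            credentials.getSecretAccessKey(), credentials.getSessionToken());
    System.out.println(" IAM: " + accessLabel(optionalLabCode.appMode_TestIamAccess(Lab41.region, session)));
    System.out.println(" SQS: " + accessLabel(optionalLabCode.appMode_TestSqsAccess(Lab41.region, session)));
    System.out.println(" SNS: " + accessLabel(optionalLabCode.appMode_TestSnsAccess(Lab41.region, session)));
    System.out.println(" S3:");
    for (String bucketName : labVariables.getBucketNames()) {
        testS3Client(s3Client, bucketName);
    }
}

/** Maps an access-test outcome to the wording printed in the lab output. */
private static String accessLabel(boolean accessible) {
    return accessible ? "Accessible." : "Inaccessible.";
}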
From source file:awslabs.lab41.SolutionCode.java
License:Open Source License
/**
 * Builds an S3 client that signs requests with the temporary credentials returned by STS.
 *
 * @param credentials access key, secret key and session token from AssumeRole
 * @param region      region the client should talk to
 * @return an S3 client bound to {@code region} using {@code credentials}
 */
@Override
public AmazonS3Client appMode_CreateS3Client(Credentials credentials, Region region) {
    // All three parts are required: the session token is what makes the key pair valid.
    BasicSessionCredentials session = new BasicSessionCredentials(credentials.getAccessKeyId(),
            credentials.getSecretAccessKey(), credentials.getSessionToken());
    AmazonS3Client client = new AmazonS3Client(session);
    client.setRegion(region);
    return client;
}
From source file:com.dtolabs.rundeck.plugin.resources.ec2.EC2ResourceModelSource.java
License:Apache License
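/**
 * Prepares the node mapper: parses the filter parameters, loads the mapping and, when
 * no explicit credentials were configured but a role ARN was, obtains temporary
 * credentials for that role from STS.
 */
private void initialize() {
    final ArrayList<String> params = new ArrayList<String>();
    if (null != filterParams) {
        Collections.addAll(params, filterParams.split(";"));
    }
    loadMapping();
    if (this.credentials == null && assumeRoleArn != null) {
        credentials = assumeRoleCredentials(assumeRoleArn);
    }
    mapper = new InstanceToNodeMapper(this.credentials, mapping, clientConfiguration);
    mapper.setFilterParams(params);
    mapper.setEndpoint(endpoint);
    mapper.setRunningStateOnly(runningOnly);
}

/**
 * Calls STS AssumeRole for {@code roleArn} and converts the result into session credentials.
 * <p>
 * The request sets neither DurationSeconds nor ExternalId, so the STS default session
 * duration applies and the role's trust policy must not require an external id. The
 * returned credentials are a one-time snapshot that this class never refreshes; once the
 * session expires the mapper's calls will fail until the source is re-initialized.
 *
 * @param roleArn role to assume
 * @return session credentials built from the AssumeRole result
 */
private BasicSessionCredentials assumeRoleCredentials(final String roleArn) {
    final AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient();
    try {
        // Endpoint is left at the SDK default; stsClient.setEndpoint(...) would override it.
        final AssumeRoleRequest request = new AssumeRoleRequest();
        request.setRoleArn(roleArn);
        request.setRoleSessionName("RundeckEC2ResourceModelSourceSession");
        final Credentials assumed = stsClient.assumeRole(request).getCredentials();
        return new BasicSessionCredentials(assumed.getAccessKeyId(), assumed.getSecretAccessKey(),
                assumed.getSessionToken());
    } finally {
        // One-shot client: release its HTTP connection pool once the credentials are in hand.
        stsClient.shutdown();
    }
}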
From source file:com.ipcglobal.fredimportaws.TsvsToRedshift.java
License:Apache License
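/**
 * Copy s3 files to redshift table.
 * <p>
 * Requests temporary credentials from STS (GetSessionToken) and hands those, rather
 * than the caller's long-term keys, to Redshift in the COPY statement's CREDENTIALS
 * clause. The target table is dropped and recreated before loading, which is cheaper
 * than deleting every row. JDBC settings and the table name come from {@code properties}.
 *
 * @throws Exception if the JDBC driver cannot be loaded or any database call fails;
 *         the failure is logged with its stack trace before being rethrown
 */
private void copyS3FilesToRedshiftTable() throws Exception {
    GetSessionTokenRequest getSessionTokenRequest = new GetSessionTokenRequest();
    GetSessionTokenResult getSessionTokenResult = stsClient.getSessionToken(getSessionTokenRequest);
    Credentials credentialsToken = getSessionTokenResult.getCredentials();

    String jdbcRedshiftUrl = properties.getProperty("jdbcRedshiftUrl");
    String jdbcRedshiftDriverClass = properties.getProperty("jdbcRedshiftDriverClass");
    String jdbcRedshiftLogin = properties.getProperty("jdbcRedshiftLogin");
    String jdbcRedshiftPassword = properties.getProperty("jdbcRedshiftPassword");
    Class.forName(jdbcRedshiftDriverClass);

    Connection con = null;
    Statement statement = null;
    try {
        String tableName = properties.getProperty("tableNameFred").trim();
        con = DriverManager.getConnection(jdbcRedshiftUrl, jdbcRedshiftLogin, jdbcRedshiftPassword);
        statement = con.createStatement();
        createDatabase(statement); // just in case...
        // Drop/Create table (more efficient than deleting all of the rows)
        dropTable(statement, tableName);
        statement.execute(createTableStatement(tableName));
        statement.executeUpdate(buildCopyStatement(tableName, credentialsToken));
    } catch (Exception e) {
        // Log the throwable itself, not just its toString(), so the stack trace is kept.
        log.error("copying S3 files to Redshift table failed", e);
        throw e;
    } finally {
        closeQuietly(statement);
        closeQuietly(con);
    }
}

/**
 * Builds the Redshift COPY statement for {@code tableName}.
 * <p>
 * The statement text carries the temporary access key, secret and session token, so it
 * must never be logged or echoed. Values are escaped for backslashes only; STS-issued
 * values are expected to contain no quotes, but verify that if the source of these
 * values ever changes.
 *
 * @param tableName        destination table (already trimmed)
 * @param credentialsToken temporary credentials from GetSessionToken
 * @return the COPY statement text
 */
private String buildCopyStatement(String tableName, Credentials credentialsToken) {
    String s3SourceBucketPrefix = "s3://" + awsBucketName + "/" + awsBucketTsvPrefix + "/";
    return "copy " + tableName + " from '" + s3SourceBucketPrefix + "' "
            + "CREDENTIALS 'aws_access_key_id=" + escapeCredential(credentialsToken.getAccessKeyId()) + ";"
            + "aws_secret_access_key=" + escapeCredential(credentialsToken.getSecretAccessKey()) + ";"
            + "token=" + escapeCredential(credentialsToken.getSessionToken()) + "' "
            + "delimiter '\\t' gzip";
}

/** Escapes backslashes so the value survives inside the single-quoted CREDENTIALS clause. */
private static String escapeCredential(String value) {
    return value.replace("\\", "\\\\");
}

/** Closes a statement, logging rather than propagating any failure so the original error wins. */
private void closeQuietly(Statement statement) {
    try {
        if (statement != null && !statement.isClosed()) {
            statement.close();
        }
    } catch (Exception e) {
        log.warn("Exception closing statement", e);
    }
}

/** Closes a connection, logging rather than propagating any failure so the original error wins. */
private void closeQuietly(Connection con) {
    try {
        if (con != null && !con.isClosed()) {
            con.close();
        }
    } catch (Exception e) {
        log.warn("Exception closing connection", e);
    }
}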
From source file:com.netflix.eureka.aws.AwsAsgUtil.java
License:Apache License
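/**
 * Looks up an auto scaling group that lives in another AWS account.
 * <p>
 * Uses per-account STS credentials cached in {@code stsCredentials}, refreshing them when
 * missing or within one second of expiry, and builds a short-lived auto scaling client
 * from them. The client is shut down before returning so its connection pool does not
 * leak on every call. NOTE(review): {@code stsCredentials} is read and written here
 * without synchronization — confirm its map type is safe for concurrent callers.
 *
 * @param asgAccount account id that owns the group
 * @param asgName    name of the auto scaling group
 * @return the matching group, or {@code null} if the account has no group by that name
 */
private AutoScalingGroup retrieveAutoScalingGroupCrossAccount(String asgAccount, String asgName) {
    logger.debug("Getting cross account ASG for asgName: " + asgName + ", asgAccount: " + asgAccount);
    Credentials credentials = stsCredentials.get(asgAccount);
    // Refresh slightly before the hard expiry so the request below does not fail mid-call.
    if (credentials == null || credentials.getExpiration().getTime() < System.currentTimeMillis() + 1000) {
        stsCredentials.put(asgAccount, initializeStsSession(asgAccount));
        credentials = stsCredentials.get(asgAccount);
    }
    ClientConfiguration clientConfiguration = new ClientConfiguration()
            .withConnectionTimeout(serverConfig.getASGQueryTimeoutMs());
    AmazonAutoScaling autoScalingClient = new AmazonAutoScalingClient(
            new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(),
                    credentials.getSessionToken()),
            clientConfiguration);
    try {
        String region = clientConfig.getRegion();
        // The SDK default endpoint serves us-east-1; any other region needs an explicit one.
        if (!region.equals("us-east-1")) {
            autoScalingClient.setEndpoint("autoscaling." + region + ".amazonaws.com");
        }
        DescribeAutoScalingGroupsRequest request = new DescribeAutoScalingGroupsRequest()
                .withAutoScalingGroupNames(asgName);
        DescribeAutoScalingGroupsResult result = autoScalingClient.describeAutoScalingGroups(request);
        List<AutoScalingGroup> asgs = result.getAutoScalingGroups();
        return asgs.isEmpty() ? null : asgs.get(0);
    } finally {
        autoScalingClient.shutdown();
    }
}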
From source file:com.netflix.eureka.util.AwsAsgUtil.java
License:Apache License
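/**
 * Looks up an auto scaling group owned by another AWS account.
 * <p>
 * STS credentials for the account are taken from the {@code stsCredentials} cache and
 * renewed when absent or within one second of expiring. A dedicated auto scaling client
 * is built from them for this call only and is shut down on every exit path, so repeated
 * calls no longer leak a connection pool each. NOTE(review): the cache is accessed
 * without synchronization here — confirm its map type tolerates concurrent callers.
 *
 * @param asgAccount account id that owns the group
 * @param asgName    name of the auto scaling group
 * @return the first matching group, or {@code null} if none was found
 */
private AutoScalingGroup retrieveAutoScalingGroupCrossAccount(String asgAccount, String asgName) {
    logger.debug("Getting cross account ASG for asgName: " + asgName + ", asgAccount: " + asgAccount);
    Credentials credentials = stsCredentials.get(asgAccount);
    // Renew a little ahead of expiry so the describe call below is not made with a dead session.
    if (credentials == null || credentials.getExpiration().getTime() < System.currentTimeMillis() + 1000) {
        stsCredentials.put(asgAccount, initializeStsSession(asgAccount));
        credentials = stsCredentials.get(asgAccount);
    }
    ClientConfiguration clientConfiguration = new ClientConfiguration()
            .withConnectionTimeout(eurekaConfig.getASGQueryTimeoutMs());
    AmazonAutoScaling autoScalingClient = new AmazonAutoScalingClient(
            new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(),
                    credentials.getSessionToken()),
            clientConfiguration);
    try {
        String region = DiscoveryManager.getInstance().getEurekaClientConfig().getRegion();
        // us-east-1 is served by the SDK default endpoint; other regions need an explicit one.
        if (!region.equals("us-east-1")) {
            autoScalingClient.setEndpoint("autoscaling." + region + ".amazonaws.com");
        }
        DescribeAutoScalingGroupsRequest request = new DescribeAutoScalingGroupsRequest()
                .withAutoScalingGroupNames(asgName);
        DescribeAutoScalingGroupsResult result = autoScalingClient.describeAutoScalingGroups(request);
        List<AutoScalingGroup> asgs = result.getAutoScalingGroups();
        return asgs.isEmpty() ? null : asgs.get(0);
    } finally {
        autoScalingClient.shutdown();
    }
}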
From source file:com.netflix.genie.web.util.S3ClientFactory.java
License:Apache License
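/**
 * Get an S3 client given the configuration of the system.
 * <p>
 * When role assumption is enabled a fresh client is built on every call from a new
 * AssumeRole session; the STS client used to obtain that session is shut down before
 * returning. The S3 client holds the session credentials statically, so they expire with
 * the session and the returned client should not be cached beyond that lifetime.
 * Without role assumption the shared default client is returned.
 *
 * @return an S3 client
 */
public AmazonS3 getS3Client() {
    if (!this.assumeRole) {
        return this.defaultS3Client;
    }
    // TODO: It's possible this could be optimized to reuse a client that a role has already been assumed for
    // it would take more logic in this class and likely isn't worth it right now before we decide how
    // 4.x may work best. As it is now create a new client every time one is requested to assume a role
    // See: https://docs.aws.amazon.com/AmazonS3/latest/dev/AuthUsingTempSessionTokenJava.html
    final AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
            .withCredentials(this.awsCredentialsProvider)
            .withClientConfiguration(this.awsClientConfiguration)
            .withRegion(this.awsRegion)
            .build();
    final Credentials sessionCredentials;
    try {
        // The session name becomes part of the assumed-role identity seen in CloudTrail,
        // so the random suffix lets individual calls be told apart in the audit trail.
        final AssumeRoleRequest roleRequest = new AssumeRoleRequest()
                .withRoleArn(this.roleArn)
                .withRoleSessionName("Genie-" + UUID.randomUUID());
        sessionCredentials = stsClient.assumeRole(roleRequest).getCredentials();
    } finally {
        // One-shot client: release its connection pool rather than leaking one per call.
        stsClient.shutdown();
    }
    final BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
            sessionCredentials.getAccessKeyId(),
            sessionCredentials.getSecretAccessKey(),
            sessionCredentials.getSessionToken());
    return AmazonS3ClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials))
            .withClientConfiguration(this.awsClientConfiguration)
            .withRegion(this.awsRegion)
            .build();
}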
From source file:com.netflix.ice.common.AwsUtils.java
License:Apache License
/**
 * List all object summaries with the given prefix in the S3 bucket, following marker
 * pagination until the listing is no longer truncated.
 *
 * @param bucket     bucket to list
 * @param prefix     key prefix to restrict the listing to
 * @param accountId  owning account; when set together with {@code assumeRole} the listing
 *                   is made with credentials assumed for that account
 * @param assumeRole role to assume in {@code accountId}, or empty to use the shared client
 * @param externalId external id passed on the AssumeRole call
 * @return every object summary under the prefix, possibly empty
 */
public static List<S3ObjectSummary> listAllObjects(String bucket, String prefix, String accountId,
        String assumeRole, String externalId) {
    AmazonS3Client client = AwsUtils.s3Client;
    try {
        ListObjectsRequest request = new ListObjectsRequest().withBucketName(bucket).withPrefix(prefix);
        List<S3ObjectSummary> summaries = Lists.newLinkedList();
        boolean useAssumedRole = !StringUtils.isEmpty(accountId) && !StringUtils.isEmpty(assumeRole);
        if (useAssumedRole) {
            Credentials assumed = getAssumedCredentials(accountId, assumeRole, externalId);
            BasicSessionCredentials session = new BasicSessionCredentials(assumed.getAccessKeyId(),
                    assumed.getSecretAccessKey(), assumed.getSessionToken());
            client = new AmazonS3Client(session, clientConfig);
        }
        ObjectListing page = client.listObjects(request);
        summaries.addAll(page.getObjectSummaries());
        while (page.isTruncated()) {
            request.setMarker(page.getNextMarker());
            page = client.listObjects(request);
            summaries.addAll(page.getObjectSummaries());
        }
        return summaries;
    } finally {
        // Only a client created here for an assumed role is ours to shut down.
        if (client != AwsUtils.s3Client) {
            client.shutdown();
        }
    }
}
From source file:com.netflix.ice.common.AwsUtils.java
License:Apache License
/**
 * Downloads {@code bucketFilePrefix + file.getName()} from S3 into {@code file} when the
 * local copy is missing or the S3 object was modified after {@code milles}.
 *
 * @param bucketName       source bucket
 * @param bucketFilePrefix key prefix prepended to the local file name
 * @param file             local destination; its name is also the key suffix
 * @param milles           epoch millis the object's last-modified time is compared against
 * @param accountId        account to assume a role in, or empty for the shared client
 * @param assumeRole       role to assume, or empty for the shared client
 * @param externalId       external id for the AssumeRole call
 * @return {@code false} if no download was needed, otherwise the result of the download
 */
public static boolean downloadFileIfChangedSince(String bucketName, String bucketFilePrefix, File file,
        long milles, String accountId, String assumeRole, String externalId) {
    AmazonS3Client client = AwsUtils.s3Client;
    try {
        if (!StringUtils.isEmpty(accountId) && !StringUtils.isEmpty(assumeRole)) {
            Credentials assumed = getAssumedCredentials(accountId, assumeRole, externalId);
            client = new AmazonS3Client(new BasicSessionCredentials(assumed.getAccessKeyId(),
                    assumed.getSecretAccessKey(), assumed.getSessionToken()), clientConfig);
        }
        String key = bucketFilePrefix + file.getName();
        ObjectMetadata metadata = client.getObjectMetadata(bucketName, key);
        boolean upToDate = file.exists() && metadata.getLastModified().getTime() <= milles;
        if (upToDate) {
            return false;
        }
        return download(client, bucketName, key, file);
    } finally {
        // Shut down only a client that was created here for an assumed role.
        if (client != AwsUtils.s3Client) {
            client.shutdown();
        }
    }
}
From source file:com.netflix.ice.processor.ReservationCapacityPoller.java
License:Apache License
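/** Name of the local file that caches the last known reservations between polls. */
private static final String RESERVATION_CAPACITY_FILE = "reservation_capacity.txt";

/**
 * Refreshes the EC2 reserved-instance inventory.
 * <p>
 * Order of work: (1) fetch the archived reservation file from S3 if it is not on disk,
 * (2) load it, (3) overlay the live {@code DescribeReservedInstances} results for every
 * reservation account and region (live entries replace archived ones with the same key),
 * (4) publish the merged map to the reservation service, and (5) write the merged map
 * back to disk and S3. Per-account and per-region failures are logged and skipped so one
 * bad account does not block the others.
 *
 * @throws Exception from the S3 download/upload helpers
 */
@Override
protected void poll() throws Exception {
    ProcessorConfig config = ProcessorConfig.getInstance();

    // read from s3 if not exists
    File file = new File(config.localDir, RESERVATION_CAPACITY_FILE);
    if (!file.exists()) {
        logger.info("downloading " + file + "...");
        AwsUtils.downloadFileIfNotExist(config.workS3BucketName, config.workS3BucketPrefix, file);
        logger.info("downloaded " + file);
    }

    // read from file
    Map<String, ReservedInstances> reservations = Maps.newTreeMap();
    if (file.exists()) {
        readArchivedReservations(file, reservations);
    }
    logger.info("read " + reservations.size() + " reservations.");

    // overlay live data from every reservation account
    for (Account account : config.accountService.getReservationAccounts().keySet()) {
        collectAccountReservations(config, account, reservations);
    }
    config.reservationService.updateEc2Reservations(reservations);
    updatedConfig = true;

    // archive to disk
    archiveReservations(file, reservations);
    logger.info("archived " + reservations.size() + " reservations.");

    // archive to s3
    logger.info("uploading " + file + "...");
    AwsUtils.upload(config.workS3BucketName, config.workS3BucketPrefix, config.localDir, file.getName());
    logger.info("uploaded " + file);
}

/**
 * Loads the archived reservations written by {@link #archiveReservations} into
 * {@code reservations}. A read or parse failure aborts the load and is logged; whatever
 * was parsed before it is kept.
 *
 * @param file         archive written by a previous poll
 * @param reservations map to populate, keyed "accountId,region,reservationId"
 */
private void readArchivedReservations(File file, Map<String, ReservedInstances> reservations) {
    BufferedReader reader = null;
    try {
        // Platform default charset, matching the writer in archiveReservations.
        reader = new BufferedReader(new FileReader(file));
        String line;
        while ((line = reader.readLine()) != null) {
            addArchivedReservation(line.split(","), reservations);
        }
    } catch (Exception e) {
        logger.error("error in reading " + file, e);
    } finally {
        if (reader != null) {
            try {
                reader.close();
            } catch (Exception e) {
                logger.warn("error closing " + file, e);
            }
        }
    }
}

/**
 * Rebuilds one reservation from the comma-separated fields of an archive line and puts it
 * into {@code reservations}. Columns 0-10 are required; the end date and both prices are
 * optional trailing columns (older archives may lack them).
 *
 * @param tokens       the split archive line
 * @param reservations map to add the reservation to
 */
private void addArchivedReservation(String[] tokens, Map<String, ReservedInstances> reservations) {
    String accountId = tokens[0];
    String region = tokens[1];
    String reservationId = tokens[2];
    String zone = tokens[3];
    long start = Long.parseLong(tokens[4]);
    long duration = Long.parseLong(tokens[5]);
    String instanceType = tokens[6];
    String productDescription = tokens[7];
    int instanceCount = Integer.parseInt(tokens[8]);
    String offeringType = tokens[9];
    String state = tokens[10];
    Long end = tokens.length > 11 ? Long.parseLong(tokens[11]) : null;
    float fixedPrice = tokens.length > 12 ? Float.parseFloat(tokens[12]) : 0;
    float usagePrice = tokens.length > 13 ? Float.parseFloat(tokens[13]) : 0;
    ReservedInstances reservation = new ReservedInstances().withAvailabilityZone(zone)
            .withStart(new Date(start)).withDuration(duration).withInstanceType(instanceType)
            .withProductDescription(productDescription).withInstanceCount(instanceCount)
            .withOfferingType(offeringType).withState(state).withFixedPrice(fixedPrice)
            .withUsagePrice(usagePrice);
    // No archived end date: derive it from start + duration (duration is in seconds).
    reservation.setEnd(end != null ? new Date(end) : new Date(start + duration * 1000));
    reservations.put(accountId + "," + region + "," + reservationId, reservation);
}

/**
 * Describes reserved instances in every region for one account and merges them into
 * {@code reservations}. Any failure for the account is logged and the account skipped;
 * the EC2 client is shut down on every exit path.
 *
 * @param config       processor configuration supplying account roles and ids
 * @param account      account to query
 * @param reservations map to merge results into
 */
private void collectAccountReservations(ProcessorConfig config, Account account,
        Map<String, ReservedInstances> reservations) {
    try {
        AmazonEC2Client ec2Client = createEc2Client(config, account);
        try {
            for (Region region : Region.getAllRegions()) {
                collectRegionReservations(ec2Client, account, region, reservations);
            }
        } finally {
            ec2Client.shutdown();
        }
    } catch (Exception e) {
        logger.error("Error in describeReservedInstances for " + account.name, e);
    }
}

/**
 * Builds an EC2 client for {@code account}: with credentials assumed via the account's
 * reservation-access role when one is configured, otherwise with the shared provider's
 * credentials. Both paths use {@code AwsUtils.clientConfig}, so timeouts and proxy
 * settings apply to assumed-role accounts too. The caller owns the client and must shut
 * it down.
 *
 * @param config  processor configuration
 * @param account account the client will query
 * @return a new EC2 client
 */
private AmazonEC2Client createEc2Client(ProcessorConfig config, Account account) {
    String assumeRole = config.accountService.getReservationAccessRoles().get(account);
    if (assumeRole == null) {
        return new AmazonEC2Client(AwsUtils.awsCredentialsProvider.getCredentials(), AwsUtils.clientConfig);
    }
    String externalId = config.accountService.getReservationAccessExternalIds().get(account);
    final Credentials credentials = AwsUtils.getAssumedCredentials(account.id, assumeRole, externalId);
    // Fixed snapshot of the assumed session; it is never refreshed.
    // NOTE(review): confirm a full poll across all regions finishes within the session lifetime.
    return new AmazonEC2Client(new AWSSessionCredentials() {
        @Override
        public String getAWSAccessKeyId() {
            return credentials.getAccessKeyId();
        }

        @Override
        public String getAWSSecretKey() {
            return credentials.getSecretAccessKey();
        }

        @Override
        public String getSessionToken() {
            return credentials.getSessionToken();
        }
    }, AwsUtils.clientConfig);
}

/**
 * Describes reserved instances in one region and merges them into {@code reservations},
 * filling in the end date and zero prices when the API omits them. A failure is logged
 * and the region skipped.
 *
 * @param ec2Client    client to query; its endpoint is switched to {@code region}
 * @param account      account being queried, used for the map key and log messages
 * @param region       region to query
 * @param reservations map to merge results into
 */
private void collectRegionReservations(AmazonEC2Client ec2Client, Account account, Region region,
        Map<String, ReservedInstances> reservations) {
    ec2Client.setEndpoint("ec2." + region.name + ".amazonaws.com");
    try {
        DescribeReservedInstancesResult result = ec2Client.describeReservedInstances();
        for (ReservedInstances reservation : result.getReservedInstances()) {
            String key = account.id + "," + region.name + "," + reservation.getReservedInstancesId();
            reservations.put(key, reservation);
            if (reservation.getEnd() == null) {
                // Duration is reported in seconds.
                reservation.setEnd(new Date(
                        reservation.getStart().getTime() + reservation.getDuration() * 1000L));
            }
            if (reservation.getFixedPrice() == null) {
                reservation.setFixedPrice(0f);
            }
            if (reservation.getUsagePrice() == null) {
                reservation.setUsagePrice(0f);
            }
        }
    } catch (Exception e) {
        logger.error("error in describeReservedInstances for " + region.name + " " + account.name, e);
    }
}

/**
 * Writes every reservation as one comma-separated line (layout in {@link #archiveLine}).
 * A write failure is logged; the file may then be incomplete.
 *
 * @param file         destination file, overwritten
 * @param reservations reservations to archive, in key order
 */
private void archiveReservations(File file, Map<String, ReservedInstances> reservations) {
    BufferedWriter writer = null;
    try {
        writer = new BufferedWriter(new FileWriter(file));
        for (Map.Entry<String, ReservedInstances> entry : reservations.entrySet()) {
            writer.write(StringUtils.join(archiveLine(entry.getKey(), entry.getValue()), ","));
            writer.newLine();
        }
    } catch (Exception e) {
        logger.error("error in writing " + file, e);
    } finally {
        if (writer != null) {
            try {
                writer.close();
            } catch (Exception e) {
                logger.warn("error closing " + file, e);
            }
        }
    }
}

/**
 * Lays out one archive line. The key itself is "accountId,region,reservationId", so the
 * written line has those three columns followed by zone, start, duration, instance type,
 * product description, instance count, offering type, state, end, fixed price and usage
 * price — the order {@link #addArchivedReservation} expects.
 */
private static String[] archiveLine(String key, ReservedInstances reservation) {
    return new String[] { key, reservation.getAvailabilityZone(),
            String.valueOf(reservation.getStart().getTime()), reservation.getDuration().toString(),
            reservation.getInstanceType(), reservation.getProductDescription(),
            reservation.getInstanceCount().toString(), reservation.getOfferingType(),
            reservation.getState(), String.valueOf(reservation.getEnd().getTime()),
            String.valueOf(reservation.getFixedPrice()), String.valueOf(reservation.getUsagePrice()) };
}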