{"id":1830,"date":"2025-01-19T17:10:49","date_gmt":"2025-01-19T09:10:49","guid":{"rendered":"https:\/\/www.fanyamin.com\/wordpress\/?p=1830"},"modified":"2025-01-19T17:14:02","modified_gmt":"2025-01-19T09:14:02","slug":"credential-settings-retrieval-order","status":"publish","type":"post","link":"https:\/\/www.fanyamin.com\/wordpress\/?p=1830","title":{"rendered":"Credential settings retrieval order"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.fanyamin.com\/wordpress\/wp-content\/uploads\/2025\/01\/image-1737277824995.png\" alt=\"file\" \/><\/p>\n<pre><code>@startuml\nstart\nfloating note: Credential settings retrieval order\n: 1. Java system properties;\n: 2. environment variables;\n: 3. web identity token from AWS STS;\n: 4. the shared\u00a0credentials\u00a0and\u00a0config\u00a0files;\n: 5. Amazon ECS container credentials;\n: 6. Amazon EC2 instance IAM role-provided credentials;\n\nend\n@enduml<\/code><\/pre>\n<p>The default credentials provider chain of the SDK for Java 2.x searches for configuration in your environment using a predefined sequence.<\/p>\n<h2>1. Java system properties<\/h2>\n<p>The SDK uses the SystemPropertyCredentialsProvider class to load temporary credentials from the aws.accessKeyId, aws.secretAccessKey, and aws.sessionToken Java system properties.<\/p>\n<p>Note<br \/>\nFor information on how to set Java system properties, see the System Properties tutorial on the official Java Tutorials website.<\/p>\n<h2>2. Environment variables<\/h2>\n<p>The SDK uses the EnvironmentVariableCredentialsProvider class to load temporary credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables.<\/p>\n<h2>3. Web identity token from AWS Security Token Service<\/h2>\n<p>The SDK uses the WebIdentityTokenFileCredentialsProvider class to load temporary credentials from Java system properties or environment variables.<\/p>\n<h2>4. The shared credentials and config files<\/h2>\n<p>The SDK uses the ProfileCredentialsProvider to load IAM Identity Center single sign-on settings or temporary credentials from the [default] profile in the shared credentials and config files.<\/p>\n<p>The AWS SDKs and Tools Reference Guide has detailed information about how the SDK for Java works with the IAM Identity Center single sign-on token to get temporary credentials that the SDK uses to call AWS services.<\/p>\n<p>Note<br \/>\nThe credentials and config files are shared by various AWS SDKs and Tools. For more information, see The .aws\/credentials and .aws\/config files in the AWS SDKs and Tools Reference Guide.<\/p>\n<h2>5. Amazon ECS container credentials<\/h2>\n<p>The SDK uses the ContainerCredentialsProvider class to load temporary credentials from the following environment variables:<\/p>\n<pre><code>AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or AWS_CONTAINER_CREDENTIALS_FULL_URI\n\nAWS_CONTAINER_AUTHORIZATION_TOKEN_FILE or AWS_CONTAINER_AUTHORIZATION_TOKEN<\/code><\/pre>\n<h2>6. Amazon EC2 instance IAM role-provided credentials<\/h2>\n<p>The SDK uses the InstanceProfileCredentialsProvider class to load temporary credentials from the Amazon EC2 metadata service.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>@startuml start floating note: Credential settings retrieval order : 1. Java system properties; : 2. environment variables; : 3. web identity token from AWS STS; : 4. the shared\u00a0credentials\u00a0and\u00a0config\u00a0files; : 5. Amazon ECS container credentials; : 6. Amazon EC2 instance IAM role-provided credentials; end @enduml The default credentials provider chain of the SDK for Java [&hellip;] <a class=\"read-more\" href=\"https:\/\/www.fanyamin.com\/wordpress\/?p=1830\" title=\"Permanent Link to: Credential settings retrieval order\">&rarr;Read&nbsp;more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1830","post","type-post","status-publish","format-standard","hentry","category-5"],"_links":{"self":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1830"}],"collection":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1830"}],"version-history":[{"count":2,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1830\/revisions"}],"predecessor-version":[{"id":1833,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1830\/revisions\/1833"}],"wp:attachment":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}