STSAssumeRoleSessionCredentialsProvider (AWS SDK for Java

java.lang.Object
- com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider

All Implemented Interfaces:

AWSCredentialsProvider, AWSSessionCredentialsProvider, Closeable, AutoCloseable
```
@ThreadSafe
public class STSAssumeRoleSessionCredentialsProvider
extends Object
implements AWSSessionCredentialsProvider, Closeable
```
AWSCredentialsProvider implementation that uses the AWS Security Token Service to assume a Role and create temporary, short-lived sessions to use for authentication. This credentials provider uses a background thread to refresh credentials. This background thread can be shut down via the close() method when the credentials provider is no longer used. You can also specify a custom ExecutorService to refresh the credentials. See STSAssumeRoleSessionCredentialsProvider.Builder.withAsyncRefreshExecutor(java.util.concurrent.ExecutorService). Note that the custom executor service must be shut down when it is ready to be disposed. The SDK will not close it when the credential provider is closed.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`STSAssumeRoleSessionCredentialsProvider.Builder` Provides a builder pattern to avoid combinatorial explosion of the number of parameters that are passed to constructors.

Field Summary

Fields
Modifier and Type Field and Description

static int DEFAULT_DURATION_SECONDS
Default duration for started sessions.

Fields
Modifier and Type	Field and Description
`static int`	`DEFAULT_DURATION_SECONDS` Default duration for started sessions.

Constructor Summary

Constructors
Constructor and Description
`STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, String roleArn, String roleSessionName)` Deprecated. Use the `STSAssumeRoleSessionCredentialsProvider.Builder` instead.
`STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider, String roleArn, String roleSessionName, ClientConfiguration clientConfiguration)` Deprecated. Use the `STSAssumeRoleSessionCredentialsProvider.Builder` instead.
`STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, String roleArn, String roleSessionName)` Deprecated. Use the `STSAssumeRoleSessionCredentialsProvider.Builder` instead.
`STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials, String roleArn, String roleSessionName, ClientConfiguration clientConfiguration)` Deprecated. Use the `STSAssumeRoleSessionCredentialsProvider.Builder` instead.
`STSAssumeRoleSessionCredentialsProvider(String roleArn, String roleSessionName)` Deprecated. Use the `STSAssumeRoleSessionCredentialsProvider.Builder` instead.

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`void`	`close()` Shut down this credentials provider, shutting down the thread that performs asynchronous credential refreshing.
`AWSSessionCredentials`	`getCredentials()` Returns AWSCredentials which the caller can use to authorize an AWS request.
`void`	`refresh()` Forces this credentials provider to refresh its credentials.
`void`	`setSTSClientEndpoint(String endpoint)` Deprecated. This method may be removed in a future major version. Create multiple providers if you need to work with multiple STS endpoints.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DEFAULT_DURATION_SECONDS
```
public static final int DEFAULT_DURATION_SECONDS
```
    Default duration for started sessions.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - STSAssumeRoleSessionCredentialsProvider
```
@Deprecated
public STSAssumeRoleSessionCredentialsProvider(String roleArn,
                                                           String roleSessionName)
```
    Deprecated. Use the STSAssumeRoleSessionCredentialsProvider.Builder instead.
    
    Constructs a new STSAssumeRoleSessionCredentialsProvider, which makes a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
    
    Parameters:
    
    roleArn - The ARN of the Role to be assumed.
    
    roleSessionName - An identifier for the assumed role session.
  - STSAssumeRoleSessionCredentialsProvider
```
@Deprecated
public STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials,
                                                           String roleArn,
                                                           String roleSessionName)
```
    Deprecated. Use the STSAssumeRoleSessionCredentialsProvider.Builder instead.
    
    Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
    
    Parameters:
    
    longLivedCredentials - The main AWS credentials for a user's account.
    
    roleArn - The ARN of the Role to be assumed.
    
    roleSessionName - An identifier for the assumed role session.
  - STSAssumeRoleSessionCredentialsProvider
```
@Deprecated
public STSAssumeRoleSessionCredentialsProvider(AWSCredentials longLivedCredentials,
                                                           String roleArn,
                                                           String roleSessionName,
                                                           ClientConfiguration clientConfiguration)
```
    Deprecated. Use the STSAssumeRoleSessionCredentialsProvider.Builder instead.
    
    Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified long lived AWS credentials to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
    
    Parameters:
    
    longLivedCredentials - The main AWS credentials for a user's account.
    
    roleArn - The ARN of the Role to be assumed.
    
    roleSessionName - An identifier for the assumed role session.
    
    clientConfiguration - Client configuration connection parameters.
  - STSAssumeRoleSessionCredentialsProvider
```
@Deprecated
public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider,
                                                           String roleArn,
                                                           String roleSessionName)
```
    Deprecated. Use the STSAssumeRoleSessionCredentialsProvider.Builder instead.
    
    Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), usess the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
    
    Parameters:
    
    longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.
    
    roleArn - The ARN of the Role to be assumed.
    
    roleSessionName - An identifier for the assumed role session.
  - STSAssumeRoleSessionCredentialsProvider
```
@Deprecated
public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider,
                                                           String roleArn,
                                                           String roleSessionName,
                                                           ClientConfiguration clientConfiguration)
```
    Deprecated. Use the STSAssumeRoleSessionCredentialsProvider.Builder instead.
    
    Constructs a new STSAssumeRoleSessionCredentialsProvider, which will use the specified credentials provider (which vends long lived AWS credentials) to make a request to the AWS Security Token Service (STS), uses the provided roleArn to assume a role and then request short lived session credentials, which will then be returned by this class's getCredentials() method.
    
    Parameters:
    
    longLivedCredentialsProvider - Credentials provider for the main AWS credentials for a user's account.
    
    roleArn - The ARN of the Role to be assumed.
    
    roleSessionName - An identifier for the assumed role session.
    
    clientConfiguration - Client configuration connection parameters.
- Method Detail
  - setSTSClientEndpoint
```
@Deprecated
public void setSTSClientEndpoint(String endpoint)
```
    Deprecated. This method may be removed in a future major version. Create multiple providers if you need to work with multiple STS endpoints.
    
    Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved from.
    The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com") works for all accounts that are not for China (Beijing) region or GovCloud. You only need to change the endpoint to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session credentials for services in China(Beijing) region or "sts.us-gov-west-1.amazonaws.com" for GovCloud.
    Setting this invalidates existing session credentials.
  - getCredentials
```
public AWSSessionCredentials getCredentials()
```
    Description copied from interface: AWSCredentialsProvider
    
    Returns AWSCredentials which the caller can use to authorize an AWS request. Each implementation of AWSCredentialsProvider can chose its own strategy for loading credentials. For example, an implementation might load credentials from an existing key management system, or load new credentials when credentials are rotated.
    
    Specified by:
    
    getCredentials in interface AWSCredentialsProvider
    
    Specified by:
    
    getCredentials in interface AWSSessionCredentialsProvider
    
    Returns:
    
    AWSCredentials which the caller can use to authorize an AWS request.
  - refresh
```
public void refresh()
```
    Description copied from interface: AWSCredentialsProvider
    
    Forces this credentials provider to refresh its credentials. For many implementations of credentials provider, this method may simply be a no-op, such as any credentials provider implementation that vends static/non-changing credentials. For other implementations that vend different credentials through out their lifetime, this method should force the credentials provider to refresh its credentials.
    
    Specified by:
    
    refresh in interface AWSCredentialsProvider
  - close
```
public void close()
```
    Shut down this credentials provider, shutting down the thread that performs asynchronous credential refreshing. This should not be invoked if the credentials provider is still in use by an AWS client.
    
    Specified by:
    
    close in interface Closeable
    
    Specified by:
    
    close in interface AutoCloseable

AWS SDK for Java 1.x API Reference - 1.12.792

Class STSAssumeRoleSessionCredentialsProvider

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

DEFAULT_DURATION_SECONDS

Constructor Detail

STSAssumeRoleSessionCredentialsProvider

STSAssumeRoleSessionCredentialsProvider

STSAssumeRoleSessionCredentialsProvider

STSAssumeRoleSessionCredentialsProvider

STSAssumeRoleSessionCredentialsProvider

Method Detail

setSTSClientEndpoint

getCredentials

refresh

close