This repository was archived by the owner on Jan 19, 2022. It is now read-only.

Add ability to configure your own AWSCredentialsProvider #102

Closed
peterox opened this issue Sep 30, 2015 · 12 comments

Labels: component: core (an issue related to core functionality: credentials, region resolution); type: enhancement (a general enhancement)

peterox commented Sep 30, 2015

The Spring boot auto configuration will always register an AWSCredentialsProvider making it impossible to register your own.

Adding a conditional to ContextCredentialsAutoConfiguration

    @ConditionalOnMissingBean(AWSCredentialsProvider.class)
    @Configuration
    @Import({ContextDefaultConfigurationRegistrar.class, ContextCredentialsAutoConfiguration.Registrar.class})
    public class ContextCredentialsAutoConfiguration {
        // existing class body unchanged
    }

would allow for something like

    @Bean(name = {CredentialsProviderFactoryBean.CREDENTIALS_PROVIDER_BEAN_NAME, AmazonWebserviceClientConfigurationUtils.CREDENTIALS_PROVIDER_BEAN_NAME} )
    public static AWSCredentialsProviderChain credentialsProvider(Environment environment) {
        return new AWSCredentialsProviderChain(
                new EnvironmentVariableCredentialsProvider(),
                new SystemPropertiesCredentialsProvider(),
                new ProfileCredentialsProvider(),
                new InstanceProfileCredentialsProvider(),
                new StaticCredentialsProvider(new BasicAWSCredentials(environment.getProperty("cloud.aws.credentials.accessKey",""),
                        environment.getProperty("cloud.aws.credentials.secretKey",""))));
    }

aemruli self-assigned this Oct 13, 2015
aemruli added this to the 1.1.0 m2 milestone Oct 13, 2015
aemruli added the "type: feature" label Oct 13, 2015
aemruli modified the milestones: 1.1.0.m2, 1.1.0 m1 Nov 1, 2015
dsyer removed this from the 1.1.0.M2 milestone Mar 7, 2016
aemruli added this to the 1.2.0 milestone Jul 15, 2016

ryangardner (Contributor) commented

It also seems that the documentation is not in line with the behavior -

The documentation at http://cloud.spring.io/spring-cloud-aws/spring-cloud-aws.html states:

"The com.amazonaws.auth.DefaultAWSCredentialsProviderChain is used by all the clients if there is no dedicated credentials provider defined."

The ContextCredentialsAutoConfiguration seems to always create its own credentials provider - but I really do want the DefaultAWSCredentialsProviderChain

Qvazar commented Sep 20, 2016

Bump.
I need to use ContainerCredentialsProvider inside an ECS container to get the IAM role credentials assigned to the container.
How would I do this currently with 1.1.1?

ryangardner (Contributor) commented

I'm not one of the authors, @Qvazar - it seems that there's no way to avoid it registering a credentials provider factory in the bean registry with a certain name - but it seems like you can at least get it to not use that provider chain by making your own and marking it as @Primary

Try doing something like this:

    @Bean
    @Primary
    public AWSCredentialsProvider awsCredentialsProvider() {
        return new DefaultAWSCredentialsProviderChain();
    }

The DefaultAWSCredentialsProviderChain is pretty darn good. It has several providers it wraps and one of them is the EC2ContainerCredentialsProviderWrapper that should pull the credentials out for you...

(In #170 I have a patch that would make this thing use the DefaultAWSCredentialsProviderChain, but in the long term I really wonder if it wouldn't be better to remove all of this stuff altogether and have people either use the DefaultAWSCredentialsProviderChain or if they need a different one have them create their own @Bean)

Qvazar commented Sep 21, 2016

That seems to work great, thank you @ryangardner !

spencergibb modified the milestones: 1.2.0.M1, 1.2.0 Jan 26, 2017
spencergibb modified the milestones: 1.2.0, Backlog Apr 6, 2017

DanielThomas commented

I also had to name the bean org.springframework.cloud.aws.core.credentials.CredentialsProviderFactoryBean#CREDENTIALS_PROVIDER_BEAN_NAME for mine to take precedence.

rverma-nikiai commented

Sincere request to maintainers @spencergibb to provide a way to allow the use of a custom awsCredentialsProvider, much more required with @Profile support for different work env

spencergibb (Contributor) commented

@rverma-nikiai this is a community maintained project, it is currently assigned to @aemruli

samuel-kogneos commented

In case anyone still stumbles upon this and needs Default AWS chain, there is an option now to use it. Just set cloud.aws.credentials.useDefaultAwsCredentialsChain to true in your app properties.

See here: https://github.com/spring-cloud/spring-cloud-aws/blob/master/docs/src/main/asciidoc/spring-cloud-aws.adoc#configuring-credentials

bzethmayr commented

Responding to the above comment - I had already set the above property and still needed to manually inject a @Primary default chain to get the default chain to be used.

MatMoore added a commit to ministryofjustice/laa-nolasa that referenced this issue Feb 4, 2019
This is part of the configuration for shipping metrics to cloudwatch.

By default the library seems to look for profiles on the filesystem,
which doesn't work with docker. However the AWS client library ships
with a DefaultAWSCredentialsProviderChain which seems to do the right
thing. See spring-attic/spring-cloud-aws#102

The environment variables needed are AWS_ACCESS_KEY_ID and
AWS_SECRET_ACCESS_KEY.

Note that when running locally, we need to pass these environment
variables to docker-compose.
Mian-MOJ pushed a commit to ministryofjustice/laa-nolasa that referenced this issue Apr 18, 2019
maciejwalkowiak modified the milestones: Backlog, 2.3 Jun 4, 2020
maciejwalkowiak removed the "type: feature" label Jun 4, 2020

maciejwalkowiak (Contributor) commented

Fixed in ee77901

maciejwalkowiak removed the "status: in-progress" label Jun 11, 2020

maciejwalkowiak (Contributor) commented

You can provide a custom credentials provider bean; it just has to have a specific name:

    @Bean(name = CredentialsProviderFactoryBean.CREDENTIALS_PROVIDER_BEAN_NAME)
    AWSCredentialsProvider awsCredentialsProvider() {
        return mock(AWSCredentialsProvider.class);
    }

Where CredentialsProviderFactoryBean.CREDENTIALS_PROVIDER_BEAN_NAME has the value credentialsProvider.

internetstaff commented

I was unable to get this to work in auto-configuration without still resorting to @Primary as there seems to be a second credential provider created named org.springframework.cloud.aws.core.region.RegionProvider.BEAN_NAME.
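
A configuration that combines the two workarounds discussed in this thread (the fixed bean name and @Primary) with a startup check of which provider is actually injected. This is an added example, not code from the thread or from spring-cloud-aws; it assumes a release that includes the fix referenced above, and the class name AwsCredentialsConfig and the credentialsProviderCheck bean are hypothetical.

```java
import java.util.Map;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ListableBeanFactory;
import org.springframework.beans.factory.SmartInitializingSingleton;
import org.springframework.cloud.aws.core.credentials.CredentialsProviderFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;

// Hypothetical class name; added example, not part of spring-cloud-aws.
@Configuration
public class AwsCredentialsConfig {

    private static final Logger log = LoggerFactory.getLogger(AwsCredentialsConfig.class);

    // Bean name taken from the thread; @Primary covers by-type injection when
    // another AWSCredentialsProvider bean is still registered.
    @Bean(name = CredentialsProviderFactoryBean.CREDENTIALS_PROVIDER_BEAN_NAME)
    @Primary
    public AWSCredentialsProvider awsCredentialsProvider() {
        // Resolves environment, system property, profile, ECS container and
        // EC2 instance role credentials, so no static keys sit in properties.
        return new DefaultAWSCredentialsProviderChain();
    }

    // Startup check: list every provider bean and fail fast if the one handed
    // out by type is not the default chain. Only bean names and classes are
    // logged, never key material.
    @Bean
    public SmartInitializingSingleton credentialsProviderCheck(
            ListableBeanFactory beanFactory, AWSCredentialsProvider effective) {
        return () -> {
            Map<String, AWSCredentialsProvider> providers =
                    beanFactory.getBeansOfType(AWSCredentialsProvider.class);
            providers.forEach((name, provider) ->
                    log.info("AWS credentials bean '{}' -> {}", name, provider.getClass().getName()));
            if (!(effective instanceof DefaultAWSCredentialsProviderChain)) {
                throw new IllegalStateException("Unexpected AWS credentials provider: "
                        + effective.getClass().getName());
            }
        };
    }
}
```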
