Reputation: 3955
Embedding AWS IAM credentials in the code with the Java SDK
I am using the Java AWS IoT SDK, and i'm I'm stuck with a problem whereby I have to embed my AWS IAM access key and secret key credentials into my Java application code on my devices.
The credentials are just used initially to create the client in my code, then X.509 certificates are used after for the MQTT authentication and communication. .
I've heard of a way to avoid the need of embedding IAM credentials in the code by using AWSCredentialsProvider with tokens etc. However, I don't see any actual examples of how to achieve this without embedding credentials. Below is a snippet of my code showing how I create the client object using the credentials. Thanks.
String AWS_ACCESSKEY = "AKXXXXXXXXXXXXX"; // not real key
String AWS_SECRETKEY = "ABCXXXXXXXXXXXXXXXXXXXXXX"; // not real key
Regions AWS_REGION = Regions.US_EAST_2;
AWSIot client = AWSIotClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(new
BasicAWSCredentials(AWS_ACCESSKEY, AWS_SECRETKEY))).withRegion(AWS_REGION).build();
Upvotes: 1
Views: 1686
Answers (3)
Reputation: 116
You can pass this credentials to normal application.properties file.
You just need to do 2 things.
- Create public class AwsCredentials with annotations @ConfigurationProperties and @Configuration.
- Pass Your access and secret to application.properties file
You can read more in this tutorial : click
Next when You want to use this properties in builder You need to call it like this:
AWSIot client = AWSIotClientBuilder.standard()
.withCredentials(
new AWSStaticCredentialsProvider(
new BasicAWSCredentials(
this.awsCredentials.getAccessKey(),
this.awsCredentials.getSecretKey()
)
)
)
.withRegion(AWS_REGION)
.build();
PS. You can export region to properties too.
Upvotes: 2
Reputation: 1781
To get credentials to access AWS IoT (or other services) you could get temporary security credentials from Cognito Identity Pool. You can find the simplest way and steps needed to do get credentials here.
Also consider that, to get idToken (JWT) from Cognito user pool and then access and secret token Cognito Identity pool, you need to use AWS Java SDK in your mobile or desktop application. You can find more information about AWS JAVA SDK here and some samples here, here, .
Upvotes: 0
Reputation: 23
You can use temporary security credentials instead of actual access keys. Do check this link. https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html
Upvotes: 0
Related Questions
- AWS SDK for Java v2 is unable to load credentials from EC2 instance
- Using Basic Credentials to make IamClient requests
- AWS JAVA SDK - Can i programmatically access other services using aws sdk running inside same aws account without hard coding credentials?
- How to set AWS Container Credentials using AWS Java SDK
- Getting temporary AWS credentials using Java SDK2
- How to Get AWS IAM credentials of the ECS Instance its running within - using Java?
- AWS Java SDK credentials
- aws-java-sdk get temporary credentials for non aws environment
- Validate IAM User Credentials
- Including AWS credentials with JAR file