The Spring boot auto configuration will always register an AWSCredentialsProvider making it impossible to register your own.
Adding a conditional to ContextCredentialsAutoConfiguration
@ConditionalOnMissingBean(AWSCredentialsProvider.class)
@Configuration
@Import({ContextDefaultConfigurationRegistrar.class, ContextCredentialsAutoConfiguration.Registrar.class})
public class ContextCredentialsAutoConfiguration {
would allow for something like
@Bean(name = {CredentialsProviderFactoryBean.CREDENTIALS_PROVIDER_BEAN_NAME, AmazonWebserviceClientConfigurationUtils.CREDENTIALS_PROVIDER_BEAN_NAME} )
public static AWSCredentialsProviderChain credentialsProvider(Environment environment) {
return new AWSCredentialsProviderChain(
new EnvironmentVariableCredentialsProvider(),
new SystemPropertiesCredentialsProvider(),
new ProfileCredentialsProvider(),
new InstanceProfileCredentialsProvider(),
new StaticCredentialsProvider(new BasicAWSCredentials(environment.getProperty("cloud.aws.credentials.accessKey",""),
environment.getProperty("cloud.aws.credentials.secretKey",""))));
}
It also seems that the documentation is not in line with the behavior -
the documentation state at http://cloud.spring.io/spring-cloud-aws/spring-cloud-aws.html states:
"The com.amazonaws.auth.DefaultAWSCredentialsProviderChain is used by all the clients if there is no dedicated credentials provider defined."
The ContextCredentialsAutoConfiguration seems to always create its own credentials provider - but I really _do_ want the DefaultAWSCredentialsProviderChain
Bump.
I need to use ContainerCredentialsProvider inside an ECS container to get the IAM role credentials assigned to the container.
How would I do this currently with 1.1.1?
I'm not one of the authors, @Qvazar - it seems that there's no way to avoid it registering a credentials provider factory in the bean registry with a certain name - but it _seems_ like you can at least get it to _not_ use that provider chain by making your own and marking it as @Primary
Try doing something like this:
@Bean
@Primary
public AWSCredentialsProvider awsCredentialsProvider() {
return new DefaultAWSCredentialsProviderChain();
}
The DefaultAWSCredentialsProviderChain is pretty darn good. It has several providers it wraps and one of them is the EC2ConatinerCredentialsProviderWrapper that will should pull the credentials out for you...
(In #170 I have a patch that would make this thing use the DefaultAWSCredentialsProviderChain, but in the long term I really wonder if it wouldn't be better to remove all of this stuff altogether and have people either use the DefaultAWSCredentialsProviderChain or if they need a different one have them create their own @Bean)
That seems to work great, thank you @ryangardner !
I also had to name the bean org.springframework.cloud.aws.core.credentials.CredentialsProviderFactoryBean#CREDENTIALS_PROVIDER_BEAN_NAME for mine take precedence.
Sincere request to maintainers @spencergibb to provide a way to allow to use custom awsCredentialsProvider, much more required with @Profile support for different work env
@rverma-nikiai this is a community maintained project, it is currently assigned to @aemruli
In case anyone still stumbles upon this and needs Default AWS chain, there is an option now to use it. Just set cloud.aws.credentials.useDefaultAwsCredentialsChain to true in your app properties.
See here: https://github.com/spring-cloud/spring-cloud-aws/blob/master/docs/src/main/asciidoc/spring-cloud-aws.adoc#configuring-credentials
Responding to the above comment - I had already set the above property and still needed to manually inject a @Primary default chain to get the default chain to be used.
Fixed in ee779018d38144d86a071ac708d48857b8328f37
You can provide custom credentials provider bean, it just has to have specific name:
@Bean(name = CredentialsProviderFactoryBean.CREDENTIALS_PROVIDER_BEAN_NAME)
AWSCredentialsProvider awsCredentialsProvider() {
return mock(AWSCredentialsProvider.class);
}
Where CredentialsProviderFactoryBean.CREDENTIALS_PROVIDER_BEAN_NAME has value credentialsProvider.
I was unable to get this to work in auto-configuration without still resorting to @Primary as there seems to be a second credential provider created named org.springframework.cloud.aws.core.region.RegionProvider.BEAN_NAME.
Most helpful comment
I'm not one of the authors, @Qvazar - it seems that there's no way to avoid it registering a credentials provider factory in the bean registry with a certain name - but it _seems_ like you can at least get it to _not_ use that provider chain by making your own and marking it as
@PrimaryTry doing something like this:
The
DefaultAWSCredentialsProviderChainis pretty darn good. It has several providers it wraps and one of them is theEC2ConatinerCredentialsProviderWrapperthat will should pull the credentials out for you...(In #170 I have a patch that would make this thing use the
DefaultAWSCredentialsProviderChain, but in the long term I really wonder if it wouldn't be better to remove all of this stuff altogether and have people either use theDefaultAWSCredentialsProviderChainor if they need a different one have them create their own@Bean)