ContainerCredentialsProvider (AWS SDK for Java (original) (raw)

AWSCredentialsProvider implementation that loads credentials from a local metadata service.

Currently supported containers:

• Amazon Elastic Container Service (ECS)
• Amazon Elastic Kubernetes Service (EKS)
• AWS Greengrass

The URI path is retrieved from the environment variable "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" or "AWS_CONTAINER_CREDENTIALS_FULL_URI" in the container's environment. Resolving to use relative or absolute path is the role of EC2ContainerCredentialsProviderWrapper.

Full (absolute) URI configuration

For absolute paths, only loopback hosts are allowed when using HTTP, including known endpoints for ECS and EKS. All HTTPS endpoints are allowed.

IPv6 addresses are supported when setting the "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE" environment variable.

Optionally, an authorization token can be included in the "Authorization" header of the request. There are two ways of providing the token, in order of priority:

• Setting the "AWS_CONTAINER_AUTHORIZATION_TOKEN" environment variable
• Entering the token into a file and providing the path to it using the "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE" environment variable. Note that the token content will be used as-is.

.

Migrating to the AWS SDK for Java v2

The v2 equivalent of this class isContainerCredentialsProvider

See Migration Guide for more information.