Set up AWS temporary credentials and AWS Region for development (original) (raw)

To connect to any of the supported services with the AWS SDK for Java, you must provide AWS temporary credentials. The AWS SDKs and CLIs use_provider chains_ to look for AWS temporary credentials in a number of different places, including system/user environment variables and local AWS configuration files.

This topic provides basic information about setting up your AWS temporary credentials for local application development using the AWS SDK for Java. If you need to set up credentials for use within an EC2 instance or if you’re using the Eclipse IDE for development, refer to the following topics instead:

• When using an EC2 instance, create an IAM role and then give your EC2 instance access to that role as shown in Using IAM Roles to Grant Access to AWS Resources on Amazon EC2.
• Set up AWS credentials within Eclipse using the AWS Toolkit for Eclipse. See Set up AWS Credentials in the AWS Toolkit for Eclipse User Guide for more information.

Configure temporary credentials

You can configure temporary credentials for the AWS SDK for Java in a number of ways, but here are the recommended approaches:

• Set temporary credentials in the AWS credentials profile file on your local system, located at:
  • ~/.aws/credentials on Linux, macOS, or Unix
  • C:\Users\USERNAME\.aws\credentials on Windows
    See the Set up temporary credentials for the SDK in this guide for instructions on how to get your temporary credentials.
• Set the AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY, andAWS_SESSION_TOKEN environment variables.
  To set these variables on Linux, macOS, or Unix, use :

export AWS_ACCESS_KEY_ID=your_access_key_id  
export AWS_SECRET_ACCESS_KEY=your_secret_access_key  
export AWS_SESSION_TOKEN=your_session_token  

To set these variables on Windows, use:

set AWS_ACCESS_KEY_ID=your_access_key_id  
set AWS_SECRET_ACCESS_KEY=your_secret_access_key  
set AWS_SESSION_TOKEN=your_session_token  

• For an EC2 instance, specify an IAM role and then give your EC2 instance access to that role. See IAM Roles for Amazon EC2 in the Amazon EC2 User Guide for Linux Instances for a detailed discussion about how this works.

Once you have set your AWS temporary credentials using one of these methods, they will be loaded automatically by the AWS SDK for Java by using the default credential provider chain. For further information about working with AWS credentials in your Java applications, see Working with AWS Credentials.

Refreshing IMDS credentials

The AWS SDK for Java supports opt-in refreshing IMDS credentials in the background every 1 minute, regardless of the credential expiration time. This allows you to refresh credentials more frequently and reduces the chance that not reaching IMDS impacts the perceived AWS availability.

 1. // Refresh credentials using a background thread, automatically every minute. This will log an error if IMDS is down during
 2. // a refresh, but your service calls will continue using the cached credentials until the credentials are refreshed
 3. // again one minute later.
 4.
 5. InstanceProfileCredentialsProvider credentials =
 6.     InstanceProfileCredentialsProvider.createAsyncRefreshingProvider(true);
 7.
 8. AmazonS3Client.builder()
 9.              .withCredentials(credentials)
 10.              .build();
 11.
 12. // This is new: When you are done with the credentials provider, you must close it to release the background thread.
 13. credentials.close();

Set the AWS Region

You should set a default AWS Region that will be used for accessing AWS services with the AWS SDK for Java. For the best network performance, choose a region that’s geographically close to you (or to your customers). For a list of regions for each service, see Regions and Endpoints in the Amazon Web Services General Reference.

Note

If you don’t select a region, then us-east-1 will be used by default.

You can use similar techniques to setting credentials to set your default AWS region:

• Set the AWS Region in the AWS config file on your local system, located at:
  • ~/.aws/config on Linux, macOS, or Unix
  • C:\Users\USERNAME\.aws\config on Windows
    This file should contain lines in the following format:

[default]  
region = your_aws_region  

• Substitute your desired AWS Region (for example, "us-east-1") for your_aws_region.

• Set the AWS_REGION environment variable.
  On Linux, macOS, or Unix, use `` :

export AWS_REGION=your_aws_region  

On Windows, use `` :

set AWS_REGION=your_aws_region  

Where your_aws_region is the desired AWS Region name.