Skip to content

Add aws default credentials provider #3837

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ianwow wants to merge 2 commits into from
Closed

Add aws default credentials provider #3837

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fc188a3
add AWS default credentials provider
ianwow Mar 15, 2025
2a950f1
add AWS default credentials provider
ianwow Mar 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 44 additions & 13 deletions src/main/java/org/prebid/server/spring/config/SettingsConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,14 @@
import lombok.NoArgsConstructor;
import lombok.experimental.UtilityClass;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.prebid.server.activity.ActivitiesConfigResolver;
import org.prebid.server.execution.timeout.TimeoutFactory;
import org.prebid.server.floors.PriceFloorsConfigResolver;
import org.prebid.server.json.JacksonMapper;
import org.prebid.server.json.JsonMerger;
import org.prebid.server.log.Logger;
import org.prebid.server.log.LoggerFactory;
import org.prebid.server.metric.MetricName;
import org.prebid.server.metric.Metrics;
import org.prebid.server.settings.ApplicationSettings;
Expand Down Expand Up @@ -40,9 +43,12 @@
import org.springframework.stereotype.Component;
import org.springframework.validation.annotation.Validated;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.services.s3.S3AsyncClientBuilder;

import javax.validation.constraints.Min;
import javax.validation.constraints.NotBlank;
Expand All @@ -57,6 +63,7 @@

@UtilityClass
public class SettingsConfiguration {
private static final Logger logger = LoggerFactory.getLogger(SettingsConfiguration.class);

@Configuration
@ConditionalOnProperty(prefix = "settings.filesystem",
Expand Down Expand Up @@ -233,17 +240,27 @@ static class S3SettingsConfiguration {

@Component
@ConfigurationProperties(prefix = "settings.s3")
@ConditionalOnProperty(prefix = "settings.s3", name = {"accessKeyId", "secretAccessKey"})
@Validated
@Data
@NoArgsConstructor
protected static class S3ConfigurationProperties {

@NotBlank
/**
* If accessKeyId and secretAccessKey are provided in the
* configuration file then they will be used. Otherwise, the
* DefaultCredentialsProvider will look for credentials in this order:
*
* - Java System Properties
* - Environment Variables
* - Web Identity Token
* - AWS credentials file (~/.aws/credentials)
* - ECS container credentials
* - EC2 instance profile
*/
private String accessKeyId;

@NotBlank
private String secretAccessKey;
private boolean useStaticCredentials() {
return StringUtils.isNotBlank(accessKeyId) && StringUtils.isNotBlank(secretAccessKey);
}

/**
* If not provided AWS_GLOBAL will be used as a region
Expand Down Expand Up @@ -274,20 +291,34 @@ protected static class S3ConfigurationProperties {

@Bean
S3AsyncClient s3AsyncClient(S3ConfigurationProperties s3ConfigurationProperties) throws URISyntaxException {
final AwsBasicCredentials credentials = AwsBasicCredentials.create(
s3ConfigurationProperties.getAccessKeyId(),
s3ConfigurationProperties.getSecretAccessKey());
final Region awsRegion = Optional.ofNullable(s3ConfigurationProperties.getRegion())
.map(Region::of)
.orElse(Region.AWS_GLOBAL);

return S3AsyncClient
.builder()
.credentialsProvider(StaticCredentialsProvider.create(credentials))
S3AsyncClientBuilder clientBuilder = S3AsyncClient.builder()
.endpointOverride(new URI(s3ConfigurationProperties.getEndpoint()))
.forcePathStyle(s3ConfigurationProperties.getForcePathStyle())
.region(awsRegion)
.build();
.region(awsRegion);
AwsCredentialsProvider credentialsProvider;

if (s3ConfigurationProperties.useStaticCredentials()) {
final AwsBasicCredentials basicCredentials = AwsBasicCredentials.create(
s3ConfigurationProperties.getAccessKeyId(),
s3ConfigurationProperties.getSecretAccessKey());
credentialsProvider = StaticCredentialsProvider.create(basicCredentials);
} else {
credentialsProvider = DefaultCredentialsProvider.create();
}

try {
credentialsProvider.resolveCredentials();
} catch (Exception e) {
logger.error("Failed to resolve AWS credentials", e);
}
logger.info("Resolved AWS credentials from {}", credentialsProvider.resolveCredentials().providerName());
clientBuilder.credentialsProvider(credentialsProvider);

return clientBuilder.build();
}

@Bean
Expand Down