Java Code Examples for com.amazonaws.services.securitytoken.AWSSecurityTokenService#getCallerIdentity()
The following examples show how to use
com.amazonaws.services.securitytoken.AWSSecurityTokenService#getCallerIdentity() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: IAMPolicyManager.java From strongbox with Apache License 2.0 | 5 votes |
|
public static String getAccount(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) {
AWSSecurityTokenService client = AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(awsCredentialsProvider)
.withClientConfiguration(transformAndVerifyOrThrow(clientConfiguration))
.withRegion(RegionResolver.getRegion())
.build();
GetCallerIdentityRequest request = new GetCallerIdentityRequest();
GetCallerIdentityResult result = client.getCallerIdentity(request);
return result.getAccount();
}
Example 2
| Source File: AWSIdentityStep.java From pipeline-aws-plugin with Apache License 2.0 | 5 votes |
|
@Override
protected Map<String, String> run() throws Exception {
AWSSecurityTokenService sts = AWSClientFactory.create(AWSSecurityTokenServiceClientBuilder.standard(), this.getContext());
GetCallerIdentityResult identity = sts.getCallerIdentity(new GetCallerIdentityRequest());
this.getContext().get(TaskListener.class).getLogger().format("Current AWS identity: %s - %s - %s %n", identity.getAccount(), identity.getUserId(), identity.getArn());
Map<String, String> info = new HashMap<>();
info.put("account", identity.getAccount());
info.put("user", identity.getUserId());
info.put("arn", identity.getArn());
return info;
}
Example 3
| Source File: InstanceAWSProvider.java From athenz with Apache License 2.0 | 5 votes |
|
boolean verifyInstanceIdentity(AWSAttestationData info, final String awsAccount) {
GetCallerIdentityRequest req = new GetCallerIdentityRequest();
try {
AWSSecurityTokenService client = getInstanceClient(info);
if (client == null) {
LOGGER.error("verifyInstanceIdentity - unable to get AWS STS client object");
return false;
}
GetCallerIdentityResult res = client.getCallerIdentity(req);
if (res == null) {
LOGGER.error("verifyInstanceIdentity - unable to get caller identity");
return false;
}
String arn = "arn:aws:sts::" + awsAccount + ":assumed-role/" + info.getRole() + "/";
if (!res.getArn().startsWith(arn)) {
LOGGER.error("verifyInstanceIdentity - ARN mismatch - request: {} caller-idenity: {}",
arn, res.getArn());
return false;
}
return true;
} catch (Exception ex) {
LOGGER.error("CloudStore: verifyInstanceIdentity - unable get caller identity: {}",
ex.getMessage());
return false;
}
}
Example 4
| Source File: AmazonS3Config.java From ReCiter with Apache License 2.0 | 5 votes |
|
private String getAccountIDUsingAccessKey(String accessKey, String secretKey) {
AWSSecurityTokenService stsService = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(
new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey))).build();
GetCallerIdentityResult callerIdentity = stsService.getCallerIdentity(new GetCallerIdentityRequest());
return callerIdentity.getAccount();
}
Example 5
| Source File: AwsIdentityService.java From cloudbreak with Apache License 2.0 | 5 votes |
|
private String getAccountIdUsingAccessKey(String region, String accessKey, String secretKey) {
AWSSecurityTokenService stsService = AWSSecurityTokenServiceClientBuilder.standard()
.withRegion(region)
.withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)))
.build();
GetCallerIdentityResult callerIdentity = stsService.getCallerIdentity(new GetCallerIdentityRequest());
return callerIdentity.getAccount();
}
Example 6
| Source File: AwsCredentialVerifier.java From cloudbreak with Apache License 2.0 | 5 votes |
|
@Cacheable(value = AwsCredentialCachingConfig.TEMPORARY_AWS_CREDENTIAL_VERIFIER_CACHE,
unless = "#awsCredential == null")
public void validateAws(AwsCredentialView awsCredential) throws AwsPermissionMissingException {
String policies = new String(Base64.getDecoder().decode(awsPlatformParameters.getCredentialPoliciesJson()));
try {
Map<String, List<String>> resourcesWithActions = getRequiredActions(policies);
AmazonIdentityManagement amazonIdentityManagement = awsClient.createAmazonIdentityManagement(awsCredential);
AWSSecurityTokenService awsSecurityTokenService = awsClient.createAwsSecurityTokenService(awsCredential);
String arn;
if (awsCredential.getRoleArn() != null) {
arn = awsCredential.getRoleArn();
} else {
GetCallerIdentityResult callerIdentity = awsSecurityTokenService.getCallerIdentity(new GetCallerIdentityRequest());
arn = callerIdentity.getArn();
}
List<String> failedActionList = new ArrayList<>();
for (Map.Entry<String, List<String>> resourceAndAction : resourcesWithActions.entrySet()) {
SimulatePrincipalPolicyRequest simulatePrincipalPolicyRequest = new SimulatePrincipalPolicyRequest();
simulatePrincipalPolicyRequest.setPolicySourceArn(arn);
simulatePrincipalPolicyRequest.setActionNames(resourceAndAction.getValue());
simulatePrincipalPolicyRequest.setResourceArns(Collections.singleton(resourceAndAction.getKey()));
SimulatePrincipalPolicyResult simulatePrincipalPolicyResult = amazonIdentityManagement.simulatePrincipalPolicy(simulatePrincipalPolicyRequest);
simulatePrincipalPolicyResult.getEvaluationResults().stream()
.filter(evaluationResult -> evaluationResult.getEvalDecision().toLowerCase().contains("deny"))
.map(evaluationResult -> evaluationResult.getEvalActionName() + ":" + evaluationResult.getEvalResourceName())
.forEach(failedActionList::add);
}
if (!failedActionList.isEmpty()) {
throw new AwsPermissionMissingException(String.format("CDP Credential '%s' doesn't have permission for these actions which are required: %s",
awsCredential.getName(), failedActionList));
}
} catch (IOException e) {
throw new IllegalStateException("Can not parse aws policy json", e);
}
}
