import com.amazonaws.auth.AWSStaticCredentialsProvider; | |
import com.amazonaws.auth.BasicSessionCredentials; | |
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider; | |
import com.amazonaws.regions.Regions; | |
import com.amazonaws.services.securitytoken.AWSSecurityTokenService; | |
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder; | |
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest; | |
import com.amazonaws.services.securitytoken.model.AssumeRoleResult; | |
import io.kubernetes.client.openapi.ApiClient; | |
import io.kubernetes.client.openapi.Configuration; | |
import io.kubernetes.client.util.Config; | |
import java.io.IOException; | |
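/**
 * Example: assume an IAM role in a target AWS account through STS, then pass the
 * resulting temporary credentials to a Kubernetes {@code ApiClient}.
 *
 * <p>The caller's own credentials are read from the process environment instead of
 * being written into the source, so no secret ends up in version control, build
 * artifacts or a shared snippet.
 */
public class KubernetesSTSAuthExample {

    // Standard AWS environment variable names for a session-credential triple.
    private static final String ENV_ACCESS_KEY_ID = "AWS_ACCESS_KEY_ID";
    private static final String ENV_SECRET_ACCESS_KEY = "AWS_SECRET_ACCESS_KEY";
    private static final String ENV_SESSION_TOKEN = "AWS_SESSION_TOKEN";

    /**
     * Runs the example end to end: builds an STS client from the caller's credentials,
     * calls AssumeRole, and configures the default Kubernetes client.
     *
     * @param args unused
     * @throws IOException if the default Kubernetes client configuration cannot be loaded
     * @throws IllegalStateException if one of the credential environment variables is unset
     */
    public static void main(String[] args) throws IOException {
        // Source credentials come from the environment; never commit real keys to source.
        String accessKeyId = requireEnv(ENV_ACCESS_KEY_ID);
        String secretAccessKey = requireEnv(ENV_SECRET_ACCESS_KEY);
        String sessionToken = requireEnv(ENV_SESSION_TOKEN);
        AWSStaticCredentialsProvider awsCredentialsProvider = new AWSStaticCredentialsProvider(
                new BasicSessionCredentials(accessKeyId, secretAccessKey, sessionToken)
        );

        // Role to assume in the target account. Both values are placeholders.
        // The session name is recorded with the assumed-role identity, so choose one
        // that identifies the caller in audit logs.
        String roleArn = "arn:aws:iam::TARGET_ACCOUNT_ID:role/TARGET_ROLE_NAME";
        String roleSessionName = "SESSION_NAME";

        // NOTE(review): Regions.DEFAULT_REGION is the SDK's built-in default, not
        // necessarily the region of the target cluster; set it explicitly if they differ.
        AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(awsCredentialsProvider)
                .withRegion(Regions.DEFAULT_REGION)
                .build();

        // NOTE(review): for cross-account trust, consider withExternalId(...) and a short
        // withDurationSeconds(...) on the request, matching the role's trust policy.
        AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
                .withRoleArn(roleArn)
                .withRoleSessionName(roleSessionName);
        AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest);

        // Short-lived credentials for the assumed role. Do not log or persist them.
        BasicSessionCredentials temporaryCredentials = new BasicSessionCredentials(
                assumeResult.getCredentials().getAccessKeyId(),
                assumeResult.getCredentials().getSecretAccessKey(),
                assumeResult.getCredentials().getSessionToken()
        );

        // Configure the Kubernetes client with the temporary credentials.
        ApiClient client = Config.defaultClient();
        Configuration.setDefaultApiClient(client);
        // NOTE(review): confirm these calls against the library versions in use before
        // relying on this example. ApiClient.setCredentialsProvider(...) and
        // Builder.withCredentials(...) do not look like part of the published Kubernetes
        // Java client / AWS SDK v1 APIs; the SDK builder's credential setter appears to be
        // withLongLivedCredentials(...). Passing already-assumed credentials back into a
        // provider that assumes the same role again is also questionable.
        client.setCredentialsProvider(new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, roleSessionName)
                .withStsClient(stsClient)
                .withCredentials(temporaryCredentials)
                .build());

        // Now you can use the Kubernetes client to interact with the target cluster
        // ...
    }

    /**
     * Returns the value of a required environment variable.
     *
     * @param name environment variable name
     * @return the non-blank value
     * @throws IllegalStateException if the variable is unset or blank; the message names
     *     the variable only and never includes a credential value
     */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing required environment variable: " + name);
        }
        return value;
    }
}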