It is written with reference to aws-sdk-java 1.11.179.
By default, the AWS SDK for Java reads credentials from various locations. [JavaDoc for DefaultAWSCredentialsProviderChain](https://github.com/aws/aws-sdk-java/blob/1.11.179/aws-java-sdk-core/src/main/java/com/amazonaws/auth/DefaultAWSCredentialsProviderChain. If you look at java # L19-L38), it says quite a bit. Let's take a look at this and the implementation of each Provider to see what's going on.
The following are tried in sequence to take advantage of the first credential found.
and ʻAWS_SECRET_ACCESS_KEY environment variables (This is recommended because it is also used by SDKs other than Java)
--ʻAWS_ACCESS_KEY and ʻAWS_SECRET_KEY environment variables
--When using AWS STS ʻAWS_SESSION_TOKEN` environment variable and ʻaws.secretKey system properties
--When using AWS STS ʻaws.sessionToken` System Properties~ / .aws / credentials
--The location of the file can be specified with the ʻAWS_CREDENTIAL_PROFILES_FILEenvironment variable --The old~ / .aws / configis also read for the time being --Multiple authentication information can be described in the file. Thedefault profile is loaded by default --You can specify a profile with the ʻAWS_PROFILE environment variable or the ʻaws.profile` system property.
--If the reload lock can be acquired, it will be reloaded once every 5 minutes.
--Reload once every 10 minutes even if the reload lock cannot be acquiredThe defaults are sufficient in most cases, as you can make quite a few settings using environment variables and system properties. Creating your own Credentials provider chain can be inflexible and painful. If environment variables and system properties aren't available and you really want to customize them, you can put DefaultAWSCredentialsProviderChain at the end of the chain.
Recommended Posts