in solution/solution-cross-account-sts-token/code-example/java/common/src/main/java/org/example/sdk2_0/AssumeRoleSample.java [64:98]
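/**
 * Calls STS AssumeRole with the supplied credential client and returns the
 * temporary credentials (STS token) from the response.
 *
 * <p>The returned model holds a live access key secret and security token;
 * callers should keep it out of logs and error messages.
 *
 * @param credentialClient credential client used to sign the AssumeRole request
 * @return the access key id, access key secret, security token and expiration
 *         taken from the AssumeRole response
 * @throws IllegalStateException if the response has no body or no credentials
 * @throws Exception any error raised by the STS client call
 */
public static CredentialModel createAssumeRoleCredential(com.aliyun.credentials.Client credentialClient) throws Exception {
    com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
        .setCredential(credentialClient)
        // Region; China East 1 (Hangzhou) is used as the example.
        .setRegionId("cn-hangzhou");
    com.aliyun.sts20150401.Client stsClient = new com.aliyun.sts20150401.Client(config);

    RuntimeOptions runtimeOptions = new RuntimeOptions()
        // Enable automatic retry; only network errors such as timeouts are retried.
        .setAutoretry(true)
        // Number of automatic retry attempts (default is 3).
        .setMaxAttempts(3);

    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
        // Replace with the ARN of the RAM role to assume.
        // Format: acs:ram::${account ID}:role/${role name}
        .setRoleArn("<role-arn>")
        // Role session name.
        .setRoleSessionName("WellArchitectedSolutionDemo")
        // Optional session policy that further restricts the STS token: the effective
        // permissions are the intersection of the RAM role's policy and this policy.
        // NOTE(review): the sample value below allows every action on every resource,
        // so the intersection equals the role's own policy and nothing is narrowed.
        // Replace it with the minimum actions/resources this session needs.
        .setPolicy("{\"Statement\": [{\"Action\": [\"*\"],\"Effect\": \"Allow\",\"Resource\": [\"*\"]}],"
            + "\"Version\":\"1\"}")
        // STS token lifetime, in seconds.
        .setDurationSeconds(3600L);

    AssumeRoleResponse assumeRoleResponse = stsClient.assumeRoleWithOptions(assumeRoleRequest, runtimeOptions);

    // Fail with a clear message instead of a bare NullPointerException when the
    // response does not carry credentials.
    AssumeRoleResponseBody responseBody = assumeRoleResponse == null ? null : assumeRoleResponse.getBody();
    if (responseBody == null) {
        throw new IllegalStateException("AssumeRole response has no body");
    }
    AssumeRoleResponseBody.AssumeRoleResponseBodyCredentials credentials = responseBody.getCredentials();
    if (credentials == null) {
        throw new IllegalStateException("AssumeRole response has no credentials");
    }

    // Return the STS token obtained by assuming the role.
    return CredentialModel.builder()
        .accessKeyId(credentials.getAccessKeyId())
        .accessKeySecret(credentials.getAccessKeySecret())
        .securityToken(credentials.getSecurityToken())
        .expiration(ParameterHelper.getUTCDate(credentials.getExpiration()).getTime())
        .build();
}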