in priam/src/main/java/com/netflix/priam/aws/auth/EC2RoleAssumptionCredential.java [40:88]
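/**
 * Returns the credential provider used for cross-account (assumed-role) AWS access.
 *
 * <p>The provider is created lazily and cached in {@code stsSessionCredentialsProvider}.
 * It wraps the base credentials obtained from {@code cred} in an STS assume-role provider,
 * so what is handed out to callers are short-lived session credentials that the provider
 * refreshes itself; the long-lived base credentials are only used to call STS.
 *
 * <p>The role assumed depends on the instance environment: an EC2-classic instance uses
 * the configured classic role ARN, a VPC instance the configured VPC role ARN (see
 * {@link #resolveRoleArn()}).
 *
 * @return the cached STS assume-role credential provider, never {@code null}
 * @throws NullPointerException if the role ARN for the current environment is null or
 *     empty in the configuration (type kept for compatibility with existing callers)
 * @throws IllegalStateException if the STS provider cannot be constructed; the original
 *     exception is preserved as the cause
 */
public AWSCredentialsProvider getAwsCredentialProvider() {
    // Double-checked initialisation of the cached provider.
    // NOTE(review): the unsynchronized read below is only safe if the
    // stsSessionCredentialsProvider field is declared volatile — its declaration is outside
    // this method, confirm. Also note that isDualAccount() merely causes the lock to be
    // taken; the inner null check means an already-built provider is never rebuilt, so the
    // flag has no observable effect once initialisation has happened.
    if (this.config.isDualAccount() || this.stsSessionCredentialsProvider == null) {
        synchronized (this) {
            if (this.stsSessionCredentialsProvider == null) {
                this.stsSessionCredentialsProvider = createStsProvider(resolveRoleArn());
            }
        }
    }
    return this.stsSessionCredentialsProvider;
}

/**
 * Selects the IAM role ARN to assume for the current instance environment.
 *
 * <p>If the current environment is EC2 classic the classic role ARN is used; if it is VPC
 * the VPC role ARN is used. Per the original design note, the assumed role grants access
 * to the other environment (classic instances assume a role for VPC and vice versa).
 *
 * @return the non-empty role ARN from the configuration
 * @throws NullPointerException if the ARN for this environment is null or empty
 */
private String resolveRoleArn() {
    final String roleArn;
    if (instanceInfo.getInstanceEnvironment() == InstanceInfo.InstanceEnvironment.CLASSIC) {
        // Env is EC2 classic --> IAM assumed role for VPC created
        roleArn = this.config.getClassicEC2RoleAssumptionArn();
    } else {
        // Env is VPC --> IAM assumed role for EC2 classic created.
        roleArn = this.config.getVpcEC2RoleAssumptionArn();
    }
    // Fail fast with a message that points at the configuration instead of letting a
    // missing ARN surface later as an opaque STS error. The exception type is kept as
    // NullPointerException because that is what existing callers may already handle.
    if (roleArn == null || roleArn.isEmpty()) {
        throw new NullPointerException(
                "Role ARN is null or empty probably due to missing config entry");
    }
    return roleArn;
}

/**
 * Builds the STS-backed provider that assumes {@code roleArn} using the base credentials
 * from {@code cred}. STS issues temporary, short-lived session credentials and the
 * provider refreshes them on expiry.
 *
 * @param roleArn the IAM role ARN to assume
 * @return a freshly constructed assume-role provider
 * @throws IllegalStateException wrapping any exception thrown while constructing the
 *     provider; the cause is preserved
 */
private STSAssumeRoleSessionCredentialsProvider createStsProvider(String roleArn) {
    try {
        return new STSAssumeRoleSessionCredentialsProvider(
                this.cred.getAwsCredentialProvider(), roleArn, AWS_ROLE_ASSUMPTION_SESSION_NAME);
    } catch (Exception ex) {
        throw new IllegalStateException(
                "Exception in getting handle to AWS Security Token Service (STS). Msg: "
                        + ex.getLocalizedMessage(),
                ex);
    }
}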