我找到了答案。问题在于:默认情况下会加载凭据文件,但它并不总是包含配置文件中的全部信息。我们需要把两个文件都加载进来并展平合并。
AWS 已经提供了 ProfileAssumeRoleCredentialsProvider,它允许我们基于配置文件中的 profile 来担任(assume)角色。只要我们把它所需的全部信息提供给它,它就能顺利地担任角色(前提是您的令牌是最新的)。
/**
* @author Paul Nelson Baker
* @see <a href="https://github.com/paul-nelson-baker/">GitHub</a>
* @see <a href="https://www.linkedin.com/in/paul-n-baker/">LinkedIn</a>
* @since 2018-11
*/
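public class CredentialsChain {

    /**
     * Credentials chain that first tries the merged-profile assume-role provider and then
     * falls back to {@link DefaultAWSCredentialsProviderChain}, so callers keep the SDK's
     * default lookup behavior when the merged profile does not apply.
     *
     * <p>Built once in the static initializer below. Any failure while loading or merging
     * the profile files therefore surfaces as an {@code ExceptionInInitializerError} on the
     * first use of this class, not as a credentials error at request time.
     */
    public static final AWSCredentialsProviderChain CREDENTIALS_PROVIDER_CHAIN;

    static {
        // Merge the two default SDK files into one view. Argument order matters: when the same
        // profile sets the same key in both files, the later file (the credentials file) wins.
        AllProfiles allProfiles = flattenConfigurationFiles(
                DEFAULT_CONFIG_LOCATION_PROVIDER.getLocation(),      // ~/.aws/config
                DEFAULT_CREDENTIALS_LOCATION_PROVIDER.getLocation()  // ~/.aws/credentials
        );
        // NOTE(review): the profile name is presumably resolved by the SDK from its usual
        // environment / system-property sources, and getProfile may return null when that name
        // is absent from both files — confirm how ProfileAssumeRoleCredentialsProvider behaves
        // with a null profile or with a profile that has no role settings.
        String currentProfileName = AwsProfileNameLoader.INSTANCE.loadProfileName();
        BasicProfile currentProfile = allProfiles.getProfile(currentProfileName);
        STSProfileCredentialsService profileCredentialsService = new STSProfileCredentialsService();
        // Merged provider goes first; the default chain is the tail so default behavior still applies.
        CREDENTIALS_PROVIDER_CHAIN = new AWSCredentialsProviderChain(
                new ProfileAssumeRoleCredentialsProvider(profileCredentialsService, allProfiles, currentProfile),
                new DefaultAWSCredentialsProviderChain()
        );
    }

    /**
     * Loads every given profile file with the SDK and flattens them into a single
     * {@link AllProfiles}, merging same-named profiles key by key.
     *
     * <p>The {@code "profile "} prefix that the config file uses for non-default sections is
     * stripped, so {@code [profile dev]} in the config file and {@code [dev]} in the credentials
     * file end up in the same merged profile. Files are processed in argument order and a later
     * file overrides any key already set by an earlier one — this applies to every key, including
     * role settings such as {@code role_arn}, not only to access keys. Profile and key order is
     * preserved ({@code LinkedHashMap}) so the merged view reads like the source files.
     *
     * @param firstFile       the first profile file to load; a separate parameter so at least one file is required
     * @param additionalFiles further profile files, applied in order on top of {@code firstFile}
     * @return all merged profiles, keyed by profile name without the {@code "profile "} prefix
     */
    private static AllProfiles flattenConfigurationFiles(File firstFile, File... additionalFiles) {
        // Let the SDK parse each file; it owns the INI parsing rules.
        List<ProfilesConfigFile> configFiles = Stream.concat(Stream.of(firstFile), Arrays.stream(additionalFiles))
                .map(ProfilesConfigFile::new)
                .collect(Collectors.toList());

        Map<String, Map<String, String>> merged = new LinkedHashMap<>();
        for (ProfilesConfigFile configFile : configFiles) {
            for (Entry<String, BasicProfile> profile : configFile.getAllBasicProfiles().entrySet()) {
                // "profile dev" (config file) and "dev" (credentials file) name the same profile.
                String profileName = profile.getKey().replaceFirst("^profile\\s+", "");
                // putAll keeps the key-by-key "later file wins" override semantics.
                merged.computeIfAbsent(profileName, name -> new LinkedHashMap<>())
                        .putAll(profile.getValue().getProperties());
            }
        }

        // Convert the flat maps back into SDK types.
        Map<String, BasicProfile> result = new LinkedHashMap<>();
        for (Entry<String, Map<String, String>> entry : merged.entrySet()) {
            result.put(entry.getKey(), new BasicProfile(entry.getKey(), entry.getValue()));
        }
        return new AllProfiles(result);
    }

    /** Static holder only; not instantiable. */
    private CredentialsChain() {
    }
}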