Spring boot application can't find aws credentials from any credentials chain-CodePudding

I'm trying to migrate Several spring boot services to EKS and they can't retrieve aws credentials from credentials chain and pods are failing with following error: Unable to load credentials from any of the providers in the chain AwsCredentialsProviderChain

These are what I've tried so far:

I'm using Web identity token from AWS STS for credentials retrieval.

@Bean
public AWSCredentialsProvider awsCredentialsProvider() {
    if (System.getenv("AWS_WEB_IDENTITY_TOKEN_FILE") != null) {
        return WebIdentityTokenCredentialsProvider.builder().build();
    }
    return new DefaultAWSCredentialsProviderChain();
}

@Bean
public SqsClient sqsClient(AWSCredentialsProvider awsCredentialsProvider) {
    return SqsClient
            .builder()
            .credentialsProvider(() -> (AwsCredentials) awsCredentialsProvider.getCredentials())
            .region(Region.EU_WEST_1).build();
}

@Bean
public SnsClient snsClient(AWSCredentialsProvider awsCredentialsProvider) {
    return SnsClient
            .builder()
            .credentialsProvider(() -> (AwsCredentials) awsCredentialsProvider.getCredentials())
            .region(Region.EU_WEST_1).build();
}

The services also have aws-java-sdk-sts maven dependency packaged.

IAM role for the services is also fine and AWS_WEB_IDENTITY_TOKEN_FILE is a also automatically created within pod after each Jenkins build based on K8s manifest file.

From pod I can make GET and POST request to SNS and SQS without any problem.

CodePudding user response：

You should have roleArn, sessionname and token details in the identity token cred provider build.

Try this

return  WebIdentityTokenCredentialsProvider.builder()
        .roleArn(System.getenv("AWS_ROLE_ARN"))
        .roleSessionName(System.getenv("AWS_ROLE_SESSION_NAME"))
        .webIdentityTokenFile(System.getenv("AWS_WEB_IDENTITY_TOKEN_FILE"))
        .build();

than just returning as return WebIdentityTokenCredentialsProvider.builder().build();

CodePudding user response：

You can try to create the file:

Windows: C:\Users[username].aws\config
Mac: /Users/[username]/.aws/config
Linux: /home/[username]/.aws/config

and add an AWS credential to it. Ex:

[default]
aws_access_key_id = key_value
aws_secret_access_key = secret_value