Amazon session token

Time:02-05

I am using Java to upload images to Amazon S3:

AwsSessionCredentials awsCreds = AwsSessionCredentials.create(ACCESS_KEY, SECRET_KEY, SESSION_TOKEN);

S3Client s3main = S3Client.builder()
        .credentialsProvider(StaticCredentialsProvider.create(awsCreds))
        .endpointOverride(URI.create(MAIN_END_POINT))
        .region(main_region)
        .build();

s3main.putObject(
        PutObjectRequest.builder().bucket(bucketName).key(img1Name).build(),
        RequestBody.fromBytes(bytesMain));

The above code works. I am passing a blank string "" as SESSION_TOKEN. Just wondering, what is the use of the session token here? What value should I pass here?

CodePudding user response:

You are using IAM user credentials and so you do not have a session token and your code should use AwsBasicCredentials. Session tokens are associated with short-term credentials from an assumed IAM role, in which case your code would use AwsSessionCredentials.

Background

To quote the AWS documentation:

"You must provide your AWS access keys to make programmatic calls to AWS. When you create your access keys, you create the access key ID (for example, AKIAIOSFODNN7EXAMPLE) and secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY) as a set."

IAM users, for example, authenticate using an access key ID and a secret access key. These are long-lived credentials.

However, it is also possible to use short-term credentials:

"You can also create and use temporary access keys, known as temporary security credentials. In addition to the access key ID and secret access key, temporary security credentials include a security token that you must send to AWS when you use temporary security credentials. The advantage of temporary security credentials is that they are short term. After they expire, they're no longer valid."

When IAM users or federated users assume an IAM role, they are given a set of credentials that comprise an access key ID, a secret access key, and a security token. These are short-lived credentials.
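
The distinction described in the answer above, as an added example (not code from the original question or answer) using AWS SDK for Java v2. The class name, helper names, role session name and the session token value are assumptions made for illustration; the key values are the AWS documentation examples quoted above.

```java
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.Credentials;

// Hypothetical helper class, added for illustration.
public class CredentialChoice {

    // Long-term IAM user keys carry no token, so they map to AwsBasicCredentials.
    // Temporary credentials always include a token, so they map to AwsSessionCredentials.
    static AwsCredentialsProvider providerFor(String accessKey, String secretKey, String sessionToken) {
        AwsCredentials creds = (sessionToken == null || sessionToken.isBlank())
                ? AwsBasicCredentials.create(accessKey, secretKey)
                : AwsSessionCredentials.create(accessKey, secretKey, sessionToken);
        return StaticCredentialsProvider.create(creds);
    }

    // Where a session token comes from: assuming a role through STS returns the
    // access key ID, secret access key and session token together.
    // roleArn is supplied by the caller; the session name is a constructed value.
    static AwsCredentialsProvider fromAssumedRole(StsClient sts, String roleArn) {
        Credentials c = sts.assumeRole(AssumeRoleRequest.builder()
                .roleArn(roleArn)
                .roleSessionName("s3-upload-example")
                .build()).credentials();
        return providerFor(c.accessKeyId(), c.secretAccessKey(), c.sessionToken());
    }

    public static void main(String[] args) {
        // AWS documentation example keys (not real); the token is a constructed placeholder.
        String accessKey = "AKIAIOSFODNN7EXAMPLE";
        String secretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";

        AwsCredentials longTerm = providerFor(accessKey, secretKey, "").resolveCredentials();
        AwsCredentials shortTerm = providerFor(accessKey, secretKey, "EXAMPLE-SESSION-TOKEN").resolveCredentials();

        // Report which credential type each input produced.
        System.out.println("blank token -> session credentials? " + (longTerm instanceof AwsSessionCredentials));
        System.out.println("token given -> session credentials? " + (shortTerm instanceof AwsSessionCredentials));
    }
}
```

The provider returned by either helper can be passed to S3Client.builder().credentialsProvider(...) in place of the hard-coded AwsSessionCredentials in the question.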
