Java client library for Amazon Web Services Security Token Service (AWS STS) enabling temporary security credentials and federated user access
npx @tessl/cli install tessl/maven-com-amazonaws--aws-java-sdk-sts@1.12.0

The AWS Java SDK for AWS STS provides client libraries for communicating with Amazon Web Services Security Token Service. This service lets applications request temporary, limited-privilege credentials for users, and supports several authentication mechanisms including role assumption, SAML federation, web identity federation, and multi-factor authentication.
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-sts</artifactId>
<version>1.12.789</version>
</dependency>import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.*;For asynchronous operations:
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceAsync;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceAsyncClientBuilder;import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.*;
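// Create STS client. The region chosen here is the regional STS endpoint the requests are signed for.
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder
.standard()
.withRegion("us-east-1")
.build();
try {
    // Get caller identity: reports which account and principal ARN the client's own credentials resolve to.
    GetCallerIdentityResult identity = stsClient.getCallerIdentity(new GetCallerIdentityRequest());
    System.out.println("Account: " + identity.getAccount());
    System.out.println("User ARN: " + identity.getArn());
    // Assume a role. The account id and role name are placeholders; durationSeconds bounds the
    // lifetime of the returned credentials, and the session name labels this particular session.
    AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
    .withRoleArn("arn:aws:iam::123456789012:role/MyRole")
    .withRoleSessionName("MySession")
    .withDurationSeconds(3600);
    AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest);
    Credentials credentials = assumeResult.getCredentials();
    // Only the access key id and the expiry are safe to display. The secret access key and the
    // session token are authentication secrets and must not be written to stdout or to logs;
    // hand the Credentials object to the component that needs it instead of printing it.
    System.out.println("Access Key: " + credentials.getAccessKeyId());
    System.out.println("Expires: " + credentials.getExpiration());
} finally {
    // Release the client's underlying resources once it is no longer needed.
    stsClient.shutdown();
}
The AWS STS SDK is built around several key components: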
- AWSSecurityTokenService defines all STS operations with synchronous execution
- AWSSecurityTokenServiceAsync provides asynchronous versions of all operations
- Concrete clients (AWSSecurityTokenServiceClient, AWSSecurityTokenServiceAsyncClient) that handle HTTP communication

Core client creation, configuration, and lifecycle management functionality including builders, endpoint configuration, and resource cleanup.
// Client builders
// Declared on AWSSecurityTokenServiceClientBuilder: standard() returns a configurable builder
// (see the example above), defaultClient() returns a ready synchronous client directly.
public static AWSSecurityTokenServiceClientBuilder standard();
public static AWSSecurityTokenService defaultClient();
// Presumably declared on AWSSecurityTokenServiceAsyncClientBuilder (the async counterpart);
// same pairing of builder vs. ready client, but producing AWSSecurityTokenServiceAsync.
public static AWSSecurityTokenServiceAsyncClientBuilder standard();
public static AWSSecurityTokenServiceAsync defaultClient();
// Client interface
/**
 * Synchronous STS client contract (the asynchronous variant is AWSSecurityTokenServiceAsync).
 * Only the configuration and lifecycle members are listed here; the STS operations themselves
 * are listed in the sections that follow.
 */
public interface AWSSecurityTokenService {
/** Overrides the service endpoint this client sends requests to. */
void setEndpoint(String endpoint);
/** Selects the AWS region this client sends requests to. */
void setRegion(Region region);
/** Releases the client's resources; call this once the client is no longer needed. */
void shutdown();
/** Returns the cached response metadata for a previously executed request. */
ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request);
}Core functionality for assuming IAM roles to obtain temporary credentials, including cross-account access, session policies, and MFA requirements.
AssumeRoleResult assumeRole(AssumeRoleRequest assumeRoleRequest);
AssumeRoleWithSAMLResult assumeRoleWithSAML(AssumeRoleWithSAMLRequest assumeRoleWithSAMLRequest);
AssumeRoleWithWebIdentityResult assumeRoleWithWebIdentity(AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest);Federation functionality for obtaining temporary credentials through external identity providers and custom federation brokers.
GetFederationTokenResult getFederationToken(GetFederationTokenRequest getFederationTokenRequest);Session token management for MFA-protected operations and temporary credential generation for existing IAM users.
GetSessionTokenResult getSessionToken(GetSessionTokenRequest getSessionTokenRequest);
GetSessionTokenResult getSessionToken();Utility operations for debugging authorization failures, retrieving caller identity, and determining account ownership of access keys.
GetCallerIdentityResult getCallerIdentity(GetCallerIdentityRequest getCallerIdentityRequest);
GetAccessKeyInfoResult getAccessKeyInfo(GetAccessKeyInfoRequest getAccessKeyInfoRequest);
DecodeAuthorizationMessageResult decodeAuthorizationMessage(DecodeAuthorizationMessageRequest decodeAuthorizationMessageRequest);public class Credentials {
// Temporary credential set, e.g. obtained via AssumeRoleResult.getCredentials() in the example above.
// secretAccessKey and sessionToken are authentication secrets: never print or log them, and stop
// using the object once the instant returned by getExpiration() has passed.
public Credentials();
public Credentials(String accessKeyId, String secretAccessKey, String sessionToken, Date expiration);
// Public identifier of the key pair; safe to display for diagnostics.
public String getAccessKeyId();
// Secret half of the key pair (sensitive).
public String getSecretAccessKey();
// Token that accompanies temporary credentials on every request (sensitive).
public String getSessionToken();
// Instant after which these credentials are no longer valid.
public Date getExpiration();
public void setAccessKeyId(String accessKeyId);
public void setSecretAccessKey(String secretAccessKey);
public void setSessionToken(String sessionToken);
public void setExpiration(Date expiration);
}
/** Identifies an assumed-role session by its id and ARN (returned alongside role credentials). */
public class AssumedRoleUser {
public String getAssumedRoleId();
public String getArn();
public void setAssumedRoleId(String assumedRoleId);
public void setArn(String arn);
}
/** Identifies a federated user by its id and ARN (presumably returned by getFederationToken — confirm). */
public class FederatedUser {
public String getFederatedUserId();
public String getArn();
public void setFederatedUserId(String federatedUserId);
public void setArn(String arn);
}
/** A key/value pair attached to a request; tag values are not secrets but are visible to anyone who can read the session. */
public class Tag {
public String getKey();
public String getValue();
public void setKey(String key);
public void setValue(String value);
}
/** References a policy by ARN (used for the session policies mentioned in the role-assumption section). */
public class PolicyDescriptorType {
public String getArn();
public void setArn(String arn);
}// Base exception
// Every STS-specific failure listed below extends this type, so a single catch of it covers all of
// them. It is itself an AmazonServiceException, so handlers for the SDK-wide base type also see it.
public class AWSSecurityTokenServiceException extends AmazonServiceException { }
// Specific exceptions
// The conditions below are read from the class names; confirm against the service documentation.
// Presumably raised when a token presented to an STS call has expired.
public class ExpiredTokenException extends AWSSecurityTokenServiceException { }
// Presumably raised when an identity token (web identity / SAML federation) cannot be accepted.
public class InvalidIdentityTokenException extends AWSSecurityTokenServiceException { }
// Presumably raised when a supplied (session) policy document does not parse.
public class MalformedPolicyDocumentException extends AWSSecurityTokenServiceException { }
// Presumably raised when the combined policies exceed the size STS accepts.
public class PackedPolicyTooLargeException extends AWSSecurityTokenServiceException { }
// Presumably raised when the targeted region is not enabled for the account.
public class RegionDisabledException extends AWSSecurityTokenServiceException { }
// Presumably raised when the identity provider rejects a claim during federation.
public class IDPRejectedClaimException extends AWSSecurityTokenServiceException { }
// Presumably raised when the identity provider cannot be reached during federation.
public class IDPCommunicationErrorException extends AWSSecurityTokenServiceException { }
// Presumably raised by decodeAuthorizationMessage when the encoded message is not valid.
public class InvalidAuthorizationMessageException extends AWSSecurityTokenServiceException { }