tessl/maven-software-amazon-awssdk--auth

Authentication library providing comprehensive signing and credential management capabilities for AWS services.

Workspace: tessl
Visibility: Public
Describes: mavenpkg:maven/software.amazon.awssdk/auth@2.32.x

To install, run

npx @tessl/cli install tessl/maven-software-amazon-awssdk--auth@2.32.0


AWS SDK for Java v2 - Auth Module

The AWS SDK for Java v2 Auth module provides comprehensive authentication and signing capabilities for AWS services. It includes credential management, request signing, and token-based authentication support for Java applications.

Package Information

  • Package Name: auth
  • Package Type: maven
  • Language: Java
  • Group ID: software.amazon.awssdk
  • Artifact ID: auth
  • Version: 2.32.31
  • Installation:
    <dependency>
      <groupId>software.amazon.awssdk</groupId>
      <artifactId>auth</artifactId>
      <version>2.32.31</version>
    </dependency>

Core Imports

// Credential interfaces and implementations
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;

// Common credential providers
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider;

// Token-based authentication
import software.amazon.awssdk.auth.token.credentials.SdkToken;
import software.amazon.awssdk.auth.token.credentials.SdkTokenProvider;
// DefaultAwsTokenProvider lives in the "aws" sub-package
import software.amazon.awssdk.auth.token.credentials.aws.DefaultAwsTokenProvider;

// Utility classes
import software.amazon.awssdk.auth.credentials.CredentialUtils;
import software.amazon.awssdk.auth.token.credentials.TokenUtils;

Wildcard imports (use when importing multiple classes):

import software.amazon.awssdk.auth.credentials.*;
import software.amazon.awssdk.auth.token.credentials.*;

Basic Usage

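import software.amazon.awssdk.auth.credentials.*;
import software.amazon.awssdk.auth.token.credentials.*;
// DefaultAwsTokenProvider is in the "aws" sub-package, which the wildcard above does not cover
import software.amazon.awssdk.auth.token.credentials.aws.DefaultAwsTokenProvider;
import java.time.Instant;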

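// Use default credential provider chain (recommended).
// Declared as DefaultCredentialsProvider so close() is available; AwsCredentialsProvider has no close().
DefaultCredentialsProvider credentialsProvider = DefaultCredentialsProvider.builder()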
    .asyncCredentialUpdateEnabled(true)
    .build();
AwsCredentials credentials = credentialsProvider.resolveCredentials();
System.out.println("Access Key ID: " + credentials.accessKeyId());

// Use static credentials for testing/development
AwsCredentials staticCredentials = AwsBasicCredentials.builder()
    .accessKeyId("ACCESS_KEY")
    .secretAccessKey("SECRET_KEY")
    .providerName("MyStaticProvider")
    .build();
AwsCredentialsProvider staticProvider = StaticCredentialsProvider.create(staticCredentials);

// Use session credentials with token and expiration
AwsSessionCredentials sessionCredentials = AwsSessionCredentials.builder()
    .accessKeyId("TEMP_ACCESS_KEY")
    .secretAccessKey("TEMP_SECRET_KEY")
    .sessionToken("SESSION_TOKEN")
    .expirationTime(Instant.now().plusSeconds(3600)) // 1 hour expiration
    .providerName("AssumeRoleProvider")
    .build();

// Create custom provider chain with specific ordering
AwsCredentialsProvider customChain = AwsCredentialsProviderChain.builder()
    .addCredentialsProvider(EnvironmentVariableCredentialsProvider.create())
    .addCredentialsProvider(ProfileCredentialsProvider.create("my-profile"))
    .addCredentialsProvider(InstanceProfileCredentialsProvider.create())
    .build();

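// Token-based authentication (for SSO).
// Declared as DefaultAwsTokenProvider so close() is available; SdkTokenProvider has no close().
DefaultAwsTokenProvider tokenProvider = DefaultAwsTokenProvider.builder()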
    .asyncTokenUpdateEnabled(true)
    .build();
SdkToken token = tokenProvider.resolveToken();

// Check credential anonymity
boolean isAnonymous = CredentialUtils.isAnonymous(credentials);
if (!isAnonymous) {
    System.out.println("Using authenticated credentials");
}

// Always close resources when done
credentialsProvider.close();
tokenProvider.close();

Architecture

The AWS Auth module is organized around several key components:

  • Credential Types: Core credential interfaces and implementations (AwsCredentials, AwsBasicCredentials, AwsSessionCredentials)
  • Credential Providers: Various sources for loading credentials with automatic fallback chains
  • Request Signers: AWS4 signature implementations for authenticating requests (mostly deprecated)
  • Token Authentication: OAuth/Bearer token support for modern authentication flows
  • Builder Pattern: Fluent APIs with immutable configurations and extensive customization options
  • Chain of Responsibility: Multiple credential sources with automatic fallback behavior

Capabilities

Credential Management

Core credential types and comprehensive provider ecosystem for loading AWS credentials from various sources including environment, profiles, containers, and instance metadata.

interface AwsCredentials extends AwsCredentialsIdentity {
    String accessKeyId();
    String secretAccessKey();
}

interface AwsCredentialsProvider extends IdentityProvider<AwsCredentialsIdentity> {
    AwsCredentials resolveCredentials();
}

class AwsBasicCredentials implements AwsCredentials {
    static AwsBasicCredentials create(String accessKeyId, String secretAccessKey);
    static Builder builder();
}

class AwsSessionCredentials implements AwsCredentials, AwsSessionCredentialsIdentity {
    static AwsSessionCredentials create(String accessKey, String secretKey, String sessionToken);
    String sessionToken();
    Optional<Instant> expirationTime();
}
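
The credential types above differ in one way that matters operationally: AwsSessionCredentials carries a session token and an optional expiration, AwsBasicCredentials does not. The following is an added example, not code from the original page or the SDK; the class name CredentialAudit, its helper methods and the sample key values are hypothetical, and it assumes sdk-core is on the classpath for SdkClientException. It reports which kind of credential was resolved and how long it remains valid, without printing the secret key or token.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.core.exception.SdkClientException;

// Added example (hypothetical class): describe resolved credentials without exposing secrets.
public class CredentialAudit {
    // Keep only the last four characters of the access key ID for log output.
    static String mask(String accessKeyId) {
        return "****" + accessKeyId.substring(Math.max(0, accessKeyId.length() - 4));
    }

    // Classify credentials as long-term or temporary and report the remaining lifetime.
    static String describe(AwsCredentials credentials, Instant now) {
        String id = mask(credentials.accessKeyId());
        if (!(credentials instanceof AwsSessionCredentials)) {
            return id + " long-term key (no session token)";
        }
        Optional<Instant> expiry = ((AwsSessionCredentials) credentials).expirationTime();
        if (!expiry.isPresent()) {
            return id + " temporary, expiration unknown";
        }
        Duration left = Duration.between(now, expiry.get());
        return left.isNegative()
            ? id + " temporary, EXPIRED " + left.negated().toMinutes() + " min ago"
            : id + " temporary, expires in " + left.toMinutes() + " min";
    }

    public static void main(String[] args) {
        // Constructed sample with placeholder values, not real keys.
        AwsCredentials sample = AwsSessionCredentials.builder()
            .accessKeyId("ASIAEXAMPLEKEY0000")
            .secretAccessKey("placeholder-secret")
            .sessionToken("placeholder-token")
            .expirationTime(Instant.now().plusSeconds(900))
            .build();
        System.out.println(describe(sample, Instant.now()));

        // try-with-resources closes the provider even if resolution fails.
        try (DefaultCredentialsProvider provider = DefaultCredentialsProvider.builder().build()) {
            System.out.println(describe(provider.resolveCredentials(), Instant.now()));
        } catch (SdkClientException e) {
            System.out.println("No credentials resolved: " + e.getMessage());
        }
    }
}
```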


Credential Providers

Built-in providers for loading credentials from environment variables, system properties, AWS profiles, EC2 instance metadata, container metadata, and custom provider chains.

class DefaultCredentialsProvider implements AwsCredentialsProvider {
    static DefaultCredentialsProvider create();
    static Builder builder();
}

class AwsCredentialsProviderChain implements AwsCredentialsProvider {
    static Builder builder();
    static AwsCredentialsProviderChain of(AwsCredentialsProvider... providers);
}

class StaticCredentialsProvider implements AwsCredentialsProvider {
    static StaticCredentialsProvider create(AwsCredentials credentials);
}

class EnvironmentVariableCredentialsProvider implements AwsCredentialsProvider {
    static EnvironmentVariableCredentialsProvider create();
}


Token-Based Authentication

OAuth and Bearer token authentication support for modern AWS services requiring token-based authentication flows.

interface SdkToken extends TokenIdentity {
    String token();
    Optional<Instant> expirationTime();
}

interface SdkTokenProvider extends IdentityProvider<TokenIdentity> {
    SdkToken resolveToken();
}

class StaticTokenProvider implements SdkTokenProvider {
    static StaticTokenProvider create(SdkToken token);
}

class DefaultAwsTokenProvider implements SdkTokenProvider {
    static DefaultAwsTokenProvider create();
    static Builder builder();
}


Request Signing (Legacy)

Note: The signer classes in this module are deprecated in favor of the new http-auth-aws module.

Legacy AWS Signature Version 4 implementations for request signing, including specialized signers for S3 and event streams.

// DEPRECATED - Use AwsV4HttpSigner from 'http-auth-aws' module
class Aws4Signer implements Signer {
    static Aws4Signer create();
}

// DEPRECATED - Use AwsV4HttpSigner from 'http-auth-aws' module  
class AsyncAws4Signer implements AsyncSigner {
    static AsyncAws4Signer create();
}

// DEPRECATED - Use BearerHttpSigner from 'http-auth' module
class BearerTokenSigner implements Signer {
    static BearerTokenSigner create();
}
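
The deprecation comments above point to AwsV4HttpSigner as the replacement for Aws4Signer. The following is an added example, not code from the original page or the SDK, showing a SigV4 signature produced with that replacement; it assumes the http-auth-aws module is on the classpath, and the class name SigV4Migration, the endpoint, the service and region values and the key material are constructed placeholders.

```java
import java.net.URI;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.http.SdkHttpRequest;
import software.amazon.awssdk.http.auth.aws.signer.AwsV4HttpSigner;
import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;

// Added example (hypothetical class): SigV4 signing with the non-deprecated signer.
public class SigV4Migration {

    // Signs the request locally; nothing is sent over the network.
    static SignedRequest sign(AwsCredentialsIdentity identity, SdkHttpRequest request,
                              String service, String region) {
        AwsV4HttpSigner signer = AwsV4HttpSigner.create();
        return signer.sign(r -> r.identity(identity)
            .request(request)
            .putProperty(AwsV4HttpSigner.SERVICE_SIGNING_NAME, service)
            .putProperty(AwsV4HttpSigner.REGION_NAME, region));
    }

    public static void main(String[] args) {
        // Constructed placeholders, not real keys or a real endpoint.
        AwsBasicCredentials creds =
            AwsBasicCredentials.create("AKIAEXAMPLEKEY000000", "placeholder-secret");
        SdkHttpRequest request = SdkHttpRequest.builder()
            .uri(URI.create("https://service.example.com/items"))
            .method(SdkHttpMethod.GET)
            .build();

        SignedRequest signed = sign(creds, request, "execute-api", "us-east-1");

        // The signature travels in these headers; the secret key itself never does.
        System.out.println("X-Amz-Date: "
            + signed.request().firstMatchingHeader("X-Amz-Date").orElse("<missing>"));
        System.out.println("Authorization: "
            + signed.request().firstMatchingHeader("Authorization").orElse("<missing>"));
    }
}
```

The Authorization header contains the access key ID and credential scope, so treat captured signed requests as sensitive in logs even though the secret key is absent.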


Types

interface ToCopyableBuilder<B, T> {
    B toBuilder();
}

interface SdkAutoCloseable extends AutoCloseable {
    void close();
}

class ExecutionAttribute<T> {
    // Execution context attributes for signers
}

enum RegionScope {
    GLOBAL, REGIONAL
}