tessl/maven-software-amazon-awssdk--sts

AWS Security Token Service (STS) Java SDK providing client classes for temporary credential authentication mechanisms

Workspace: tessl
Visibility: Public
Describes: mavenpkg:maven/software.amazon.awssdk/sts@2.33.x

To install, run

npx @tessl/cli install tessl/maven-software-amazon-awssdk--sts@2.33.0


AWS STS Java SDK

The AWS STS (Security Token Service) Java SDK provides client classes for communicating with AWS Security Token Service. It enables Java applications to obtain temporary AWS credentials through several authentication mechanisms: role assumption, web identity token authentication, SAML-based authentication, and federation tokens. The SDK includes both low-level client operations and high-level credential providers with built-in session management and automatic credential refresh.

Package Information

  • Package Name: sts
  • Package Type: maven
  • Group ID: software.amazon.awssdk
  • Artifact ID: sts
  • Language: Java
  • Version: 2.33.4
  • Installation:
    <dependency>
      <groupId>software.amazon.awssdk</groupId>
      <artifactId>sts</artifactId>
      <version>2.33.4</version>
    </dependency>

Core Imports

import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.*;
import software.amazon.awssdk.services.sts.auth.*;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.regions.Region;

Basic Usage

Using STS Client Directly

import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.*;

// Create STS client (credentials come from the default provider chain)
StsClient stsClient = StsClient.builder()
    .region(Region.US_EAST_1)
    .build();

// Assume a role
AssumeRoleRequest request = AssumeRoleRequest.builder()
    .roleArn("arn:aws:iam::123456789012:role/MyRole")
    .roleSessionName("MySession")
    .durationSeconds(3600)
    .build();

AssumeRoleResponse response = stsClient.assumeRole(request);
Credentials credentials = response.credentials();

// Identify the session without writing secret material to output.
// credentials.secretAccessKey() and credentials.sessionToken() are secrets:
// hand them to the consuming client, do not print or log them.
System.out.println("Access Key: " + credentials.accessKeyId());
System.out.println("Expires: " + credentials.expiration());

Using Credential Providers

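import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;

// STS client the provider uses to issue AssumeRole calls
StsClient stsClient = StsClient.builder()
    .region(Region.US_EAST_1)
    .build();

// Create credential provider
StsAssumeRoleCredentialsProvider credentialsProvider =
    StsAssumeRoleCredentialsProvider.builder()
        .stsClient(stsClient) // required: build() fails without an STS client
        .refreshRequest(AssumeRoleRequest.builder()
            .roleArn("arn:aws:iam::123456789012:role/MyRole")
            .roleSessionName("MySession")
            .build())
        .build();

// Get credentials (automatically cached and refreshed)
AwsCredentials credentials = credentialsProvider.resolveCredentials();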

Architecture

The AWS STS Java SDK is organized around several key components:

  • STS Client API: Low-level client interface providing direct access to all STS operations
  • Credential Providers: High-level abstractions that automatically manage credential lifecycle
  • Model Classes: Type-safe request/response objects and data models for all STS operations
  • Authentication: Integration with AWS credential provider chains and profile systems
  • Caching: Built-in credential caching with configurable refresh behavior

Capabilities

STS Client Operations

Direct access to all AWS STS operations for temporary credential management, caller identity verification, and authorization message decoding.

public interface StsClient extends SdkClient {
    AssumeRoleResponse assumeRole(AssumeRoleRequest request);
    AssumeRoleWithSAMLResponse assumeRoleWithSAML(AssumeRoleWithSAMLRequest request);
    AssumeRoleWithWebIdentityResponse assumeRoleWithWebIdentity(AssumeRoleWithWebIdentityRequest request);
    AssumeRootResponse assumeRoot(AssumeRootRequest request);
    DecodeAuthorizationMessageResponse decodeAuthorizationMessage(DecodeAuthorizationMessageRequest request);
    GetAccessKeyInfoResponse getAccessKeyInfo(GetAccessKeyInfoRequest request);
    GetCallerIdentityResponse getCallerIdentity(GetCallerIdentityRequest request);
    GetFederationTokenResponse getFederationToken(GetFederationTokenRequest request);
    GetSessionTokenResponse getSessionToken(GetSessionTokenRequest request);
    
    static StsClientBuilder builder();
}


Credential Providers

High-level credential providers that automatically handle credential acquisition, caching, and refresh using various STS operations. They integrate with AWS SDK credential provider chains.

public abstract class StsCredentialsProvider implements AwsCredentialsProvider {
    public abstract AwsCredentials resolveCredentials();
    public Duration staleTime();
    public Duration prefetchTime();
}

public class StsAssumeRoleCredentialsProvider extends StsCredentialsProvider {
    public static Builder builder();
}

public class StsAssumeRoleWithWebIdentityCredentialsProvider extends StsCredentialsProvider {
    public static Builder builder();
}
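The following is an added example, not code from the SDK or from the original page. It tunes the refresh window of an assume-role provider and then calls `getCallerIdentity` through a second client to confirm that the session really is the expected role in the expected account. The role ARN, account ID and session name are placeholder assumptions.

```java
import java.time.Duration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.GetCallerIdentityRequest;
import software.amazon.awssdk.services.sts.model.GetCallerIdentityResponse;

public class AssumedRoleIdentityCheck {
    // Placeholder values (assumptions): substitute your own role and account.
    static final String ROLE_ARN = "arn:aws:iam::123456789012:role/MyRole";
    static final String EXPECTED_ACCOUNT = "123456789012";
    static final String EXPECTED_ARN_PART = ":assumed-role/MyRole/identity-check";

    public static void main(String[] args) {
        // baseSts signs AssumeRole calls with the default credential chain.
        try (StsClient baseSts = StsClient.builder().region(Region.US_EAST_1).build();
             StsAssumeRoleCredentialsProvider provider = StsAssumeRoleCredentialsProvider.builder()
                 .stsClient(baseSts)
                 .refreshRequest(AssumeRoleRequest.builder()
                     .roleArn(ROLE_ARN)
                     .roleSessionName("identity-check")
                     .durationSeconds(900) // shortest session STS allows
                     .build())
                 .prefetchTime(Duration.ofMinutes(3)) // begin refreshing 3 min before expiry
                 .staleTime(Duration.ofMinutes(1))    // within 1 min of expiry callers block on refresh
                 .asyncCredentialUpdateEnabled(true)  // prefetch on a background thread
                 .build();
             // assumedSts signs with the temporary credentials the provider hands out.
             StsClient assumedSts = StsClient.builder()
                 .region(Region.US_EAST_1)
                 .credentialsProvider(provider)
                 .build()) {

            GetCallerIdentityResponse who =
                assumedSts.getCallerIdentity(GetCallerIdentityRequest.builder().build());
            // Fail closed if the session is not the role we intended to assume.
            if (!EXPECTED_ACCOUNT.equals(who.account()) || !who.arn().contains(EXPECTED_ARN_PART)) {
                throw new IllegalStateException("Unexpected caller identity: " + who.arn());
            }
            System.out.println("Running as " + who.arn());
        }
    }
}
```

Closing the provider stops its background refresh thread; it does not close the `StsClient` passed to it, which is why both are listed in the try-with-resources header.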


Types

Core Data Models

public interface Credentials {
    String accessKeyId();
    String secretAccessKey();
    String sessionToken();
    Instant expiration();
}

public interface AssumedRoleUser {
    String assumedRoleId();
    String arn();
}

public interface FederatedUser {
    String federatedUserId();
    String arn();
}

public interface Tag {
    String key();
    String value();
}

Common Exceptions

public class ExpiredTokenException extends StsException {
    // Token has expired
}

public class IdpCommunicationErrorException extends StsException {
    // Identity provider communication error
}

public class IdpRejectedClaimException extends StsException {
    // Identity provider rejected claim
}

public class InvalidAuthorizationMessageException extends StsException {
    // Invalid authorization message
}

public class InvalidIdentityTokenException extends StsException {
    // Invalid identity token provided
}

public class MalformedPolicyDocumentException extends StsException {
    // Policy document is malformed
}

public class PackedPolicyTooLargeException extends StsException {
    // Policy size exceeded limit
}

public class RegionDisabledException extends StsException {
    // STS is not activated in the requested region
}
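An added example (not from the SDK or the original page) showing where several of the exceptions above surface in practice: an `assumeRole` call that passes an inline session policy to narrow the session below what the role allows. The role ARN, bucket name and session name are placeholder assumptions.

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.*;

public class ScopedAssumeRole {
    // Session policy (constructed sample). Effective permissions are the
    // intersection of this document and the role's own policies.
    static final String SESSION_POLICY =
        "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\","
        + "\"Action\":\"s3:GetObject\","
        + "\"Resource\":\"arn:aws:s3:::example-bucket/reports/*\"}]}";

    public static void main(String[] args) {
        try (StsClient sts = StsClient.builder().region(Region.US_EAST_1).build()) {
            AssumeRoleResponse resp = sts.assumeRole(AssumeRoleRequest.builder()
                .roleArn("arn:aws:iam::123456789012:role/MyRole") // placeholder
                .roleSessionName("report-reader")
                .durationSeconds(900)
                .policy(SESSION_POLICY)
                .build());
            // Log identity and lifetime only; never the secret key or session token.
            System.out.println("Session ARN: " + resp.assumedRoleUser().arn());
            System.out.println("Expires:     " + resp.credentials().expiration());
            System.out.println("Packed policy size (% of limit): " + resp.packedPolicySize());
        } catch (MalformedPolicyDocumentException e) {
            // The session policy JSON did not parse as a valid IAM policy.
            System.err.println("Fix the session policy: " + e.getMessage());
        } catch (PackedPolicyTooLargeException e) {
            // Policy plus session tags exceed the packed size limit: shorten them.
            System.err.println("Session policy too large: " + e.getMessage());
        } catch (RegionDisabledException e) {
            // STS is not activated for this region in the account.
            System.err.println("STS disabled in region: " + e.getMessage());
        } catch (ExpiredTokenException e) {
            // The credentials used to sign the call have expired: refresh and retry.
            System.err.println("Caller credentials expired: " + e.getMessage());
        } catch (StsException e) {
            // Anything else, including access-denied from the role's trust policy.
            System.err.println(e.awsErrorDetails().errorCode()
                + " (request " + e.requestId() + ")");
        }
    }
}
```

The request ID printed in the final handler is the value to correlate with the matching CloudTrail `AssumeRole` event when investigating a denied call.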