- Newest
- Most votes
- Most comments
Hi,
Do you use any code in your app to specify the credentials? If yes, can you detail it?
It is important to know if / how break override the credentials provided by the DefaultAWSCredentialsProviderChain
.
See https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html for all details on this chain of credentials
Related question: do you have the AWS STS SDK included as part of your dependencies?
i.e., if you use Maven, in our pom.xml, something like:
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>sts</artifactId>
<version>2.17.108</version>
</dependency>
Best,
Didier
Hello,
When using IAM roles for service accounts, the containers in your Pods must use an AWS SDK version that supports assuming an IAM role through an OpenID Connect web identity token file. Make sure that you're using the following versions, or later, for your AWS SDK:
- Java (Version 2) – 2.10.11
- Java – 1.11.704
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html
Using the AWS SDK for Java, you can build Java applications that work with DynamoDB as the SDK provides a Java API for the DynamoDB.
https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/home.html
Olawale-AWS, Thanks for your answer
Relevant content
- asked 6 months ago
- asked 2 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Hi @Didier Durand, Thanks the answer
I did not specifying any secret and key details in the code. we are depending on the Kubernetes Service account to retrieve the role info and on further analysis I found that we have 2 different Kubernetes service account (Default, and custom) and I am expecting my Pod to access custom service account to access Dynamodb but Pod is always trying to access default service account
Now I am checking if there is a way in java plication to specify which service account to use