Default credentials provider chain
The default credentials provider chain is implemented by the DefaultCredentialsProvider
To use the default credentials provider chain to supply temporary credentials, create a
service client builder but don't specify a credentials provider. The following code snippet
creates a DynamoDbClient
that uses the default credentials provider chain to
locate and retrieve default configuration settings.
Region region = Region.US_WEST_2; DynamoDbClient ddb = DynamoDbClient.builder() .region(region) .build();
Credential settings retrieval order
The default credentials provider chain of the SDK for Java 2.x searches for configuration in your environment using a predefined sequence.
-
Java system properties
-
The SDK uses the SystemPropertyCredentialsProvider
class to load temporary credentials from the aws.accessKeyId
,aws.secretAccessKey
, andaws.sessionToken
Java system properties.Note
For information on how to set Java system properties, see the System Properties
tutorial on the official Java Tutorials website.
-
-
Environment variables
-
The SDK uses the EnvironmentVariableCredentialsProvider
class to load temporary credentials from the AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
, andAWS_SESSION_TOKEN
environment variables.
-
-
Web identity token from Amazon Security Token Service
-
The SDK uses the WebIdentityTokenFileCredentialsProvider
class to load temporary credentials from Java system properties or environment variables.
-
-
The shared
credentials
andconfig
files-
The SDK uses the ProfileCredentialsProvider
to load IAM Identity Center single sign-on settings or temporary credentials from the [default]
profile in the sharedcredentials
andconfig
files.The Amazon SDKs and Tools Reference Guide has detailed information about how the SDK for Java works with the IAM Identity Center single sign-on token to get temporary credentials that the SDK uses to call Amazon Web Services services.
Note
The
credentials
andconfig
files are shared by various Amazon SDKs and Tools. For more information, see The .aws/credentials and .aws/config files in the Amazon SDKs and Tools Reference Guide.
-
-
Amazon ECS container credentials
-
The SDK uses the ContainerCredentialsProvider
class to load temporary credentials from the following environment variables: AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
orAWS_CONTAINER_CREDENTIALS_FULL_URI
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE
orAWS_CONTAINER_AUTHORIZATION_TOKEN
-
-
Amazon EC2 instance IAM role-provided credentials
-
The SDK uses the InstanceProfileCredentialsProvider
class to load temporary credentials from the Amazon EC2 metadata service.
-