Set up the Amazon SDK for Java 2.x - Amazon SDK for Java 2.x
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Set up the Amazon SDK for Java 2.x

This section provides information about how to set up your development environment and projects to use the Amazon SDK for Java 2.x.

Setup overview

To successfully develop applications that access Amazon Web Services services using the Amazon SDK for Java, the following conditions are required:

  • An active Amazon access portal session when you are ready to run your application. You use the Amazon Command Line Interface to initiate the sign-in process to IAM Identity Center's Amazon access portal.

Important

The instructions in this setup section assume that you or organization uses IAM Identity Center. If your organization uses an external identity provider that works independently of IAM Identity Center, find out how you can get temporary credentials for the SDK for Java to use. Follow these instructions to add temporary credentials to the ~/.aws/credentials file.

If your identity provider adds temporary credentials automatically to the ~/.aws/credentials file, make sure that the profile name is [default] so that you do not need to provide a profile name to the SDK or Amazon CLI.

Set up authentication

The Authentication and access topic in the Amazon SDKs and Tools Reference Guide describes the different options to authenticate. We recommend that you follow the instructions to set up access to the IAM Identity Center so the SDK can acquire credentials. After following the instructions, your system is set up to allow the SDK to authenticate requests.

Setup for single sign-on access for the SDK

After you complete Step 2 in the programmatic access section so that the SDK can use IAM Identity Center authentication, your system should contain the following elements.

  • The Amazon CLI, which you use to start an Amazon access portal session before you run your application.

  • An ~/.aws/config file that contains a default profile. The SDK for Java uses the profile's SSO token provider configuration to acquire credentials before sending requests to Amazon Web Services. The sso_role_name value, which is an IAM role connected to an IAM Identity Center permission set, should allow access to the Amazon Web Services services used in your application.

    The following sample config file shows a default profile set up with SSO token provider configuration. The profile's sso_session setting refers to the named sso-session section. The sso-session section contains settings to initiate an Amazon access portal session.

    [default] sso_session = my-sso sso_account_id = 111122223333 sso_role_name = SampleRole region = us-east-1 output = json [sso-session my-sso] sso_region = us-east-1 sso_start_url = https://provided-domain.awsapps.com/start sso_registration_scopes = sso:account:access

For more details about the settings used in the SSO token provider configuration, see SSO token provider configuration in the Amazon SDKs and Tools Reference Guide.

If your development environment is not set up for programmatic access as previously shown, follow Step 2 in the SDKs Reference Guide.

Sign in using the Amazon CLI

Before running an application that accesses Amazon Web Services services, you need an active Amazon access portal session in order for the SDK to use IAM Identity Center authentication to resolve credentials. Run the following command in the Amazon CLI to sign in to the Amazon access portal.

aws sso login

Since you have a default profile setup, you do not need to call the command with a --profile option. If your SSO token provider configuration is using a named profile, the command is aws sso login --profile named-profile.

To test if you already have an active session, run the following Amazon CLI command.

aws sts get-caller-identity

The response to this command should report the IAM Identity Center account and permission set configured in the shared config file.

Note

If you already have an active Amazon access portal session and run aws sso login, you will not be required to provide credentials.

However, you will see a dialog that requests permission for botocore to access your information. botocore is the foundation for the Amazon CLI .

Select Allow to authorize access to your information for the Amazon CLI and SDK for Java.

Install Java and a build tool

Your development environment needs the following:

Additional authentication options

For more options on authentication for the SDK, such as the use of profiles and environment variables, see the configuration chapter in the Amazon SDKs and Tools Reference Guide.