3

I am trying to fetch temporary security credentials and use them to push/publish data on the Kinesis stream. Please check the code below for obtaining credentials.

private AssumeRoleResult getAssumeRoleResult() {
    AssumeRoleResult assumeRoleResult = null;
    try {
        log.info("Started to fetch AssumeRoleResult");
        BasicSessionCredentials currentRoleCredentials = getCredentialsOfCurrentRole();
        String sessionName = "assumedRole_" + RandomStringUtils.randomAlphanumeric(5).toUpperCase();
        region = Config.getRegion();
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                                .withCredentials(new AWSStaticCredentialsProvider(currentRoleCredentials)).withRegion(region)
                                .build();
        String roleArn = Configurations.ROLE_ARN;
        assumeRoleResult = sts.assumeRole(new AssumeRoleRequest().withRoleArn(roleArn)
                                        .withDurationSeconds(AWS_KINESIS_SESSION_DURATION)
                                        .withRoleSessionName(sessionName));
        log.info("Your AssumeRoleResult is" + assumeRoleResult.toString());
        return assumeRoleResult;
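    } catch(Exception e) {
        log.error("Failed to get AssumeRoleResult with error : {}", e.getMessage());
        e.printStackTrace();
    }
    // Reached only when the call above threw; without this return the method does not compile.
    return assumeRoleResult;
}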


private BasicSessionCredentials getCredentialsOfCurrentRole() throws JSONException {
    // Code to fetch IAM credentials for current role
}

But when I checked the logs, I found that assumeRoleResult is not returning anything. (I am not seeing any log saying "Your AssumeRoleResult is" and also no exception is found.)

Can you please let me know what may be the issue here?

  • 1
    Does the info message at the start of this function appear in the logs? Does the function return, or does it just hang? If the answer to both questions is yes, then I would look at networking problems (ie, running on a private subnet without a NAT). – Parsifal Mar 15 '21 at 17:01
  • 1
    Your answer to the second question is "no", try replacing your catch expression with `Throwable`. I suspect that you might be getting a `NoClassDefFoundError`, which is not a subclass of `Exception`. – Parsifal Mar 15 '21 at 17:03

1 Answer

1

To fix this issue, I added the following changes:

  1. Updated the trust relationship for the given account: https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/

  2. Updated aws-java-sdk-kinesis and aws-java-sdk-sts to the latest version.
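
An added example, not code from the question or the answer: a version of the AssumeRole call that surfaces each failure discussed on this page (a trust policy rejection, an unreachable STS endpoint, and a mismatched SDK classpath) instead of failing silently, and that keeps the secret key and session token out of the logs. It assumes AWS SDK for Java v1 and SLF4J on the classpath; the class name `AssumeRoleDiagnostics` and its method signature are hypothetical.

```java
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Hypothetical helper class; not code from the question or the answer.
public final class AssumeRoleDiagnostics {
    private static final Logger log = LoggerFactory.getLogger(AssumeRoleDiagnostics.class);

    private AssumeRoleDiagnostics() { }

    /** Assumes roleArn and returns session credentials; every failure path is logged and rethrown. */
    public static BasicSessionCredentials assumeRole(AWSSecurityTokenService sts, String roleArn,
                                                     String sessionName, int durationSeconds) {
        try {
            AssumeRoleResult result = sts.assumeRole(new AssumeRoleRequest()
                    .withRoleArn(roleArn)
                    .withRoleSessionName(sessionName)
                    .withDurationSeconds(durationSeconds));
            Credentials c = result.getCredentials();
            // Log identifiers only; the secret key and session token stay out of the logs.
            log.info("Assumed {} (access key id {}, expires {})",
                    result.getAssumedRoleUser().getArn(), c.getAccessKeyId(), c.getExpiration());
            return new BasicSessionCredentials(c.getAccessKeyId(), c.getSecretAccessKey(), c.getSessionToken());
        } catch (AmazonServiceException e) {
            // STS rejected the call. AccessDenied here usually means the role's trust policy
            // does not allow the calling principal, or the caller lacks sts:AssumeRole.
            log.error("STS rejected AssumeRole for {}: code={} status={} requestId={}",
                    roleArn, e.getErrorCode(), e.getStatusCode(), e.getRequestId(), e);
            throw e;
        } catch (SdkClientException e) {
            // No response from STS: no network route, DNS failure, timeout, or no usable credentials.
            log.error("Could not reach STS for {}", roleArn, e);
            throw e;
        } catch (LinkageError e) {
            // NoClassDefFoundError / NoSuchMethodError are Errors, not Exceptions, so
            // catch (Exception e) never sees them; mismatched aws-java-sdk-* versions cause them.
            log.error("AWS SDK classpath problem while calling STS", e);
            throw e;
        }
    }
}
```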