vendredi 25 septembre 2015

Connection Time out making AWS CLI call using : STSAssumeRoleSessionCredentialsProvider

I am running my code from unix box , and I have attached a readonly role to my ec2 instance which has cross account access setup. When I hop on to the instance , and I run the command manually , it works :

aws sts assume-role --role-arn arn:aws:iam::093937234853:role/CapOne-CrossAccount-CustomRole-ReadOnly --role-session-name 123

I have setup the http_proxy and https_proxy , NO_PROXY=169.254.169.254 manually . But when I run the java program within the same session on unix , I get the following exception :

com.amazonaws.AmazonClientException: Unable to execute HTTP request: connect timed out

Here is how I am assuming role in Java:

STSAssumeRoleSessionCredentialsProvider stscred = new STSAssumeRoleSessionCredentialsProvider("arn:aws:iam::093937234853:role/CapOne-CrossAccount-CustomRole-ReadOnly","123");

and I am getting the exception when :

public DescribeInstancesResult getDescribeInstancesResult() {
        if(describeInstancesResult == null){
                try{
                        this.setDescribeInstancesResult(this.getResourceClient().describeInstances());
                }catch(AmazonClientException ac){
                        System.out.println("ERROR: AmazonClientException Connection with the AWS public " + getResourceType().name() + " services.\n\n" + ac);
                }
        }
        return describeInstancesResult;
}

Do I need to pass the Proxy information even though i have set them manually on the same Linux session. I have also tried running with the following command :

java -Dhttp.proxyHost=proxy.kdc.capitalone.com -Dhttp.proxyPort=8099 -Dhttp.nonProxyHosts=169.254.169.254 -jar ResourceMetadataReport-00.00.01.00-SNAPSHOT.jar

and I am also setting the proxy in the java code just to be safe :

    System.setProperty("http.proxyHost", "proxy.kdc.company.com");
    System.setProperty("http.proxyPort", "8099");
    System.setProperty("https.proxyHost", "proxy.kdc.company.com");
    System.setProperty("https.proxyPort", "8099");          
    System.setProperty("http.nonProxyHosts", "169.254.169.254");

FYI : I Dont want to use the methods like :

public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider longLivedCredentialsProvider,                                       java.lang.String roleArn,java.lang.String roleSessionName,ClientConfiguration clientConfiguration)

As I should not be passing my credentials.

à

Aucun commentaire:

Enregistrer un commentaire