Set up the AWS SDK for Java 2.x
This section provides information about how to set up your development environment and projects to use the AWS SDK for Java 2.x.
Setup overview
To successfully develop applications that access AWS services using the AWS SDK for Java, the following conditions are required:
-
The Java SDK must have access to credentials to authenticate requests on your behalf.
-
The permissions of the IAM role configured for the SDK must allow access to the AWS services that your application requires. The permissions associated with the PowerUserAccess AWS managed policy are sufficient for most development needs.
-
A development environment with the following elements:
-
Shared configuration files that are set up in at least one of the following ways:
-
The
config
file contains IAM Identity Center single sign-on settings so that the SDK can get AWS credentials. -
The
credentials
file contains temporary credentials.
-
-
An installation of Java 8 or later.
-
A build automation tool such as Maven
or Gradle . -
A text editor to work with code.
-
(Optional, but recommended) An IDE (integrated development environment) such as IntelliJ IDEA
, Eclipse , or NetBeans . When you use an IDE, you can also integrate AWS Toolkits to more easily work with AWS services. The AWS Toolkit for IntelliJ and AWS Toolkit for Eclipse are two toolkits that you can use for Java development.
-
-
An active AWS access portal session when you are ready to run your application. You use the AWS Command Line Interface to initiate the sign-in process to IAM Identity Center's AWS access portal.
Important
The instructions in this setup section assume that you or organization uses IAM Identity Center. If
your organization uses an external identity provider that works independently of IAM Identity Center,
find out how you can get temporary credentials for the SDK for Java to use. Follow these instructions to add
temporary credentials to the ~/.aws/credentials
file.
If your identity provider adds temporary credentials automatically to the
~/.aws/credentials
file, make sure that the profile name is
[default]
so that you do not need to provide a profile name to the SDK
or AWS CLI.
Set up authentication
The Authentication and access topic in the AWS SDKs and Tools Reference Guide describes the different options to authenticate. We recommend that you follow the instructions to set up access to the IAM Identity Center so the SDK can acquire credentials. After following the instructions, your system is set up to allow the SDK to authenticate requests.
Setup for single sign-on access for the SDK
After you complete Step 2 in the programmatic access section so that the SDK can use IAM Identity Center authentication, your system should contain the following elements.
-
The AWS CLI, which you use to start an AWS access portal session before you run your application.
-
An
~/.aws/config
file that contains a default profile. The SDK for Java uses the profile's SSO token provider configuration to acquire credentials before sending requests to AWS. Thesso_role_name
value, which is an IAM role connected to an IAM Identity Center permission set, should allow access to the AWS services used in your application.The following sample
config
file shows a default profile set up with SSO token provider configuration. The profile'ssso_session
setting refers to the namedsso-session
section. Thesso-session
section contains settings to initiate an AWS access portal session.[default] sso_session = my-sso sso_account_id =
111122223333
sso_role_name =SampleRole
region = us-east-1 output = json [sso-session my-sso] sso_region = us-east-1 sso_start_url =https://provided-domain.awsapps.com/start
sso_registration_scopes = sso:account:access
For more details about the settings used in the SSO token provider configuration, see SSO token provider configuration in the AWS SDKs and Tools Reference Guide.
If your development environment is not set up for programmatic access as previously shown, follow Step 2 in the SDKs Reference Guide.
Sign in using the AWS CLI
Before running an application that accesses AWS services, you need an active AWS access portal session in order for the SDK to use IAM Identity Center authentication to resolve credentials. Run the following command in the AWS CLI to sign in to the AWS access portal.
aws sso login
Since you have a default profile setup, you do not need to call the command with a
--profile
option. If your SSO token provider configuration is using a named
profile, the command is aws sso login --profile
.named-profile
To test if you already have an active session, run the following AWS CLI command.
aws sts get-caller-identity
The response to this command should report the IAM Identity Center account and permission set
configured in the shared config
file.
Note
If you already have an active AWS access portal session and run aws sso login
, you
will not be required to provide credentials.
However, you will see a dialog that requests permission for botocore
to
access your information. botocore
is the foundation for the AWS CLI .
Select Allow to authorize access to your information for the AWS CLI and SDK for Java.
Install Java and a build tool
Your development environment needs the following:
-
Java 8 or later. The AWS SDK for Java works with the Oracle Java SE Development Kit
and with distributions of Open Java Development Kit (OpenJDK) such as Amazon Corretto , Red Hat OpenJDK , and Adoptium . -
A build tool or IDE that supports Maven Central such as Apache Maven, Gradle, or IntelliJ.
-
For information about how to install and use Maven, see https://maven.apache.org/
. -
For information about how to install and use Gradle, see https://gradle.org/
. -
For information about how to install and use IntelliJ IDEA, see https://www.jetbrains.com/idea/
.
-
Additional authentication options
For more options on authentication for the SDK, such as the use of profiles and environment variables, see the configuration chapter in the AWS SDKs and Tools Reference Guide.