NOTICE: This project is no longer active.
A Clojure library for Amazon's Auth API, based on the official AWS Java SDK. Easily create and retrieve AWSCredentials from a multitude of sources.
Add the following dependency to your project.clj
file:
[clj-aws-auth "0.1.0"]
(use 'aws.sdk.auth)
(def my-creds (get-credentials))
This will attempt to retrieve credentials using the default provider chain, which checks the following sources in order:
:environment
-AWS_ACCESS_KEY_ID
andAWS_SECRET_KEY
:system-properties
-aws.accessKeyId
andaws.secretKey
:instance-profile
- via the Amazon EC2 metadata service
If your credentials are available through one of these sources then you're all
set. Otherwise you'll get an com.amazonaws.AmazonClientException
.
This is equivalent to (get-credentials :default-chain)
and the same behavior
can be achieved with:
(get-credentials :environment :system-properties :instance-profile)
Credentials can be retrieved from a variety of sources and any of these sources
can be used directly with get-credentials
, credentials-provider
, and
credentials-provider-chain
.
Implementations of AWSCredentialsProvider
or AWSCredentials
from the
com.amazonaws.auth
are all valid sources of credentials and can be used
directly or indirectly in keyword form for convenience. The example above uses
keywords to indcate a chain of three credentials sources provided by the
com.amazonaws.auth
package. See credentials-provider
for a list of
supported keywords.
Clojure maps and functions can also be used as credentials sources, opening up additional possibilities. Here's a simple example:
(use 'aws.sdk.auth)
(defn creds-fn [] (credentials {:access-key "foo" :secret-key "bar"}))
(get-credentials creds-fn)
Here's a more realistic example, which will read your credentials from a gpg encrypted file, assuming you already have gpg installed and setup.
(use 'clojure.java.shell)
(defn gpg-creds [file]
(let [{:keys [out exit]} (sh "gpg" "--quiet" "--batch" "--decrypt" (str file))]
(when (pos? exit) (credentials (read-string out)))))
(get-credentials (partial gpg-creds "aws-credentials.clj.gpg"))
Copyright © 2013 Kevin Neaton
Distributed under the Eclipse Public License, the same as Clojure.