
AWS IAM and Java SDK service clients - How are credentials generated using the role associated with a service?


I am running a Java app on ECS Fargate and have attached a role to the Fargate task to perform S3 operations. From my Java process I have started using DefaultCredentialsProviderChain.java from the AWS SDK to get the credentials and create an S3 client. I am facing issues understanding the questions below:

  1. Which class in the chain (in DefaultCredentialsProviderChain.java) gets the credentials (temporary access key and secret access key) from the associated role? And for how long are these temporary credentials valid?
  2. Can I cache the S3 client created with credentials from DefaultCredentialsProviderChain.java, so that the S3 client is built once on Java service startup, or does the S3 client need to be created each and every time an S3 operation needs to be performed?

I followed the link below but did not get my answers. Can anyone please help me understand these queries?

https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials.html#credentials-chain


Solution

  • Which class in the chain (in DefaultCredentialsProviderChain.java) gets credentials

    As you have attached a runtime role, AWS will provide a metadata service. The credential provider will use the service to fetch the runtime credentials. By default the runtime credentials are valid for one hour (as far as I recall).

    https://docs.aws.amazon.com/AmazonS3/latest/userguide/AuthUsingTempSessionToken.html

  • Can I cache the S3 client created with credentials

    Yes, you can. The credential provider keeps track of the session lifetime and refreshes the token some time before expiration (as well, as far as I remember).

    This actually places some limits when creating a presigned URL. The presigned URL is valid only as long as the credentials are valid. So it may happen that you create a presigned URL and the URL will be valid for a shorter time than expected.
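The pattern the answer describes, written out as an added example (not code from the question or the answer): one credentials provider and one S3 client are built at startup and shared, the provider refreshes the task-role session on its own, and a presigned URL's lifetime is capped at the remaining lifetime of the session that signs it. It uses the AWS SDK for Java v2 (`software.amazon.awssdk.*`) rather than the v1 chain the question names; the region and bucket names are placeholders, and `expirationTime()` on `AwsSessionCredentials` is assumed to be present (it is on recent SDK v2 releases; on older ones drop the check and keep the signature duration short).

```java
import java.net.URL;
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;

import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.presigner.S3Presigner;
import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;
import software.amazon.awssdk.services.s3.presigner.model.PresignedGetObjectRequest;

/**
 * One S3 client for the lifetime of the process. On ECS the default chain resolves the
 * task role through the container credentials endpoint; the provider caches the session
 * credentials and refreshes them before they expire, so the client never needs rebuilding.
 */
public final class S3Access {
    // Placeholder region; use the task's region.
    private static final Region REGION = Region.EU_WEST_1;

    // Built once at startup and shared; provider, client and presigner are thread-safe.
    private static final AwsCredentialsProvider PROVIDER = DefaultCredentialsProvider.create();
    private static final S3Client S3 = S3Client.builder()
            .region(REGION)
            .credentialsProvider(PROVIDER)
            .build();
    private static final S3Presigner PRESIGNER = S3Presigner.builder()
            .region(REGION)
            .credentialsProvider(PROVIDER)
            .build();

    private S3Access() {}

    public static S3Client client() {
        return S3;
    }

    /**
     * Presign a GET. A presigned URL stops working when the session credentials that signed
     * it expire, whatever signatureDuration asked for, so the requested lifetime is capped
     * at the time left on the current role session.
     */
    public static URL presignGet(String bucket, String key, Duration requested) {
        Duration effective = requested;
        Optional<Instant> sessionExpiry = sessionExpiry(PROVIDER.resolveCredentials());
        if (sessionExpiry.isPresent()) {
            Duration remaining = Duration.between(Instant.now(), sessionExpiry.get());
            if (remaining.compareTo(effective) < 0) {
                // Alternative for long-lived links: sign with a freshly assumed role instead.
                effective = remaining;
            }
        }
        GetObjectPresignRequest presignRequest = GetObjectPresignRequest.builder()
                .signatureDuration(effective)
                .getObjectRequest(GetObjectRequest.builder().bucket(bucket).key(key).build())
                .build();
        PresignedGetObjectRequest presigned = PRESIGNER.presignGetObject(presignRequest);
        return presigned.url();
    }

    // Role-session credentials carry an expiry; static access keys do not, so no cap applies.
    static Optional<Instant> sessionExpiry(AwsCredentials creds) {
        if (creds instanceof AwsSessionCredentials) {
            // Assumption: expirationTime() exists on this SDK release.
            return ((AwsSessionCredentials) creds).expirationTime();
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Placeholder bucket and key.
        URL url = presignGet("example-bucket", "reports/2024.csv", Duration.ofHours(2));
        System.out.println(url);
    }
}
```

`S3Access.client()` is what the rest of the service should call; creating a new `S3Client` per operation only adds connection-pool and credential-resolution overhead without any security benefit, because the shared provider already re-fetches the task-role session before it expires.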