Connect to S3 With Permanent AWS Credentials

When connecting to S3, by default, CapStorm applications will:

  1. Read Permanent Credentials provided using the AWS Provider Chain
  2. Use these credentials to request temporary session credentials via the AWS STS (Security Token Service).
  3. Periodically refresh the temporary credentials for continued access.

This approach minimizes the use of permanent credentials by keeping them off the wire during ongoing operations.

When to Use Permanent Credentials Directly

In some environments — such as self hosted S3-compatible storage or situations where STS is unavailable — you may need to bypass temporary credential retrieval.

This article describes how to configure CapStorm applications to connect to S3 using permanent credentials directly.

Configuring CopyStorm to Use Permanent Credentials

To configure CopyStorm to use permanent AWS credentials when communicating with S3:

  1. Create an XML file called CapStormAWSCredentialsProvider.xml
  2. Place the XML file in the config directory of the CopyStorm base installation.
    1. Note: If External Configuration is being used, this file can instead be placed in the designated External Configuration location.

An example CapStormAWSCredentialsProvider.xml disabling temporary credentials is shown below:

Copy to Clipboard