EC2 IMDS Changes to Support Account ID #6176

Open
wants to merge 12 commits into
base: master

Contributor

@S-Saranya1 S-Saranya1 commented Jun 12, 2025

Add support for extracting account ID from Instance Metadata Credentials Provider

Motivation and Context

Add support in IMDS credentials provider to retrieve accountID.

Modifications

  • Added support for new /latest/meta-data/iam/security-credentials-extended/ IMDS endpoint
  • Added fallback logic to legacy endpoint '/latest/meta-data/iam/security-credentials/{ROLE}'
  • Added support for AccountId to extract it from IMDS response.

Testing

Added unit tests using WireMock to verify:

  • Successful retrieval of credentials with account ID from extended endpoint
  • Proper fallback to legacy endpoint when extended endpoint returns 404

Performed integration testing on EC2:

  • Verified successful account ID resolution on allowlisted instances
  • Confirmed fallback to legacy endpoint on non-allowlisted instances

Screenshots (if appropriate)

Tested Code:

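import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;

public class ImdsAccountIdTest {
    public static void main(String[] args) {
        try {
            // Resolve credentials from IMDS through the instance profile provider.
            InstanceProfileCredentialsProvider provider = InstanceProfileCredentialsProvider.create();
            AwsCredentials credentials = provider.resolveCredentials();
            System.out.println("Successfully resolved credentials!");
            // Print only a prefix of the access key ID so the full value stays out of the output.
            System.out.println("Access Key ID: " + credentials.accessKeyId().substring(0, 5) + "...");
            // accountId() is an Optional; it is empty when the response carried no account ID.
            System.out.println("Account ID: " + credentials.accountId().orElse("Not available"));

        } catch (Exception e) {
            System.err.println("Error: " + e.getMessage());
            e.printStackTrace();
            System.exit(1);
        }
    }
}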

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license
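
The endpoint fallback described under Modifications and Testing above, as an added Java sketch (not code from this pull request or from the SDK): only a 404 from the extended endpoint triggers the legacy path, and any other failure is surfaced instead of silently dropping the account ID. The class and record names, the role `demo-role` and the response bodies are constructed for illustration; IMDS token handling and role-name discovery are left out, and the role is assumed to be appended to both paths.

```java
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration (Java 16+ for records); hypothetical names, not the SDK's implementation.
public class ImdsFallbackSketch {
    static final String EXTENDED = "/latest/meta-data/iam/security-credentials-extended/";
    static final String LEGACY = "/latest/meta-data/iam/security-credentials/";

    record Response(int status, String body) {}
    record Resolved(String endpoint, String accessKeyId, Optional<String> accountId) {}

    // Minimal string-field lookup for a flat JSON body; production code should use a JSON parser.
    static Optional<String> field(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? Optional.of(m.group(1)) : Optional.empty();
    }

    // imds stands in for the HTTP client: it maps a request path to a status code and body.
    static Resolved resolve(Function<String, Response> imds, String role) {
        String base = EXTENDED;
        Response r = imds.apply(base + role);
        if (r.status() == 404) {          // only "not found" means the extended endpoint is unavailable
            base = LEGACY;
            r = imds.apply(base + role);
        }
        if (r.status() != 200) {          // 5xx, 401, ... are errors, not a reason to fall back
            throw new IllegalStateException("IMDS returned HTTP " + r.status() + " for " + base);
        }
        String key = field(r.body(), "AccessKeyId")
            .orElseThrow(() -> new IllegalStateException("no AccessKeyId in response"));
        return new Resolved(base, key, field(r.body(), "AccountId"));
    }

    public static void main(String[] args) {
        // Constructed responses: one instance serving the extended endpoint, one serving only the legacy one.
        Response notFound = new Response(404, "");
        Map<String, Response> extended = Map.of(EXTENDED + "demo-role",
            new Response(200, "{\"AccessKeyId\":\"AKIDEXAMPLE\",\"AccountId\":\"123456789012\"}"));
        Map<String, Response> legacyOnly = Map.of(LEGACY + "demo-role",
            new Response(200, "{\"AccessKeyId\":\"AKIDEXAMPLE\"}"));
        System.out.println(resolve(p -> extended.getOrDefault(p, notFound), "demo-role"));
        System.out.println(resolve(p -> legacyOnly.getOrDefault(p, notFound), "demo-role"));
        try {
            resolve(p -> new Response(500, ""), "demo-role");
        } catch (IllegalStateException e) {
            System.out.println("no fallback: " + e.getMessage());
        }
    }
}
```

The second call returns an empty `accountId`, which is the state the tested code above reports as "Not available".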

@S-Saranya1 S-Saranya1 requested a review from a team as a code owner June 12, 2025 15:49
- Created a new integration test file for IMDS extended URL separating it from legacy
- Included the status code to the fallback logic
- Removed the duplicate test files
- Make ApiVersion Volatile
- Adding additional tests
- Updating to use AtomicReference
Updating the debug logging message
Modified the fallback logic in refresh credentials
Contributor

@alextwoods alextwoods left a comment

LGTM!

5 participants