AWS S3 download file using role ARN

I have a S3 Object which i would like to query/download via JAVA AWS SDK
and for this i would be using AWS Role ARN. instead of using credentials

Is there a way we can do this using AWSCredentialsProvider

Expecting some means to do this via AWSCredentialsProvider

Could not find the right interface from the Library

It is not possible to access Amazon S3 by merely specifying the ARN of an IAM Role. (An ARN is considered public knowledge and does not convey any permissions.)

To 'use' an IAM Role, you first need to use permanent credentials such as those associated with an IAM User.

Then, using those credentials, you need to call AssumeRole(), passing the ARN of the IAM Role you wish to use (or 'assume'). The IAM User must have permission to call AssumeRole on the IAM Role.

Then, you will receive back a set of temporary credentials that you can use to access Amazon S3.

However, if your code is running on an Amazon EC2 instance and the IAM Role have already been assigned to the EC2 instance, then your code can simply call S3 directly. The credentials will be provided by the EC2 instance metadata service.

To do what you are looking for, you need to use the the StsClient service client and invoke the assumeRole() method. This gives you temp creds that you can use to perform an AWS Service operation that includes S3 operatons.

To learn how to do this, I recommend looking at the example in the AWS Code Library where there is a full end to end example that performs these tasks:

1. Creates a user that has no permissions.
2. Creates a role and policy that grants Amazon S3 permissions.
3. Creates a role.
4. Grants the user permissions.
5. Gets temporary credentials by assuming the role. Creates an Amazon S3 Service client object with the temporary credentials.
6. Deletes the resources.

See --

Create an IAM user and assume a role with AWS STS using an AWS SDK