Spring Cloud AWS – Assume Role & Proxy configuration for STS & SQS

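/**
 * Spring configuration for the AWS clients used by the application: a credentials provider
 * that assumes an IAM role through STS, an asynchronous SQS client that uses those
 * credentials, and the client settings (optional outbound proxy) shared by both.
 */
@Configuration
public class AppConfig {
    // Role session name passed to the assume-role provider.
    // NOTE(review): the session name is recorded alongside the assumed-role identity in
    // CloudTrail, so a name that identifies this application would make audit entries
    // easier to attribute than the generic "sample".
    private static final String SESSION_NAME = "sample";

    // Optional proxy host; resolves to null when proxy.host is not configured.
    @Value("${proxy.host:#{null}}")
    private String proxyHost;

    // Proxy port; resolves to 0 when proxy.port is not configured.
    @Value("${proxy.port:0}")
    private int proxyPort;

    // Region used for both the STS and the SQS client.
    @Value("${cloud.aws.region.static}")
    private String region;

    /**
     * Creates the primary credentials provider, which obtains its credentials by assuming
     * {@code role} through an STS client authenticated with the configured access key pair.
     *
     * <p>NOTE(review): {@code accessKey} and {@code secretKey} are long-lived secrets read
     * from application properties. Supply them from the environment or a secret store
     * rather than a committed properties file, keep them out of logs, and confirm the
     * owning IAM identity is permitted to do no more than assume this role.
     *
     * @param accessKey access key id from {@code cloud.aws.credentials.accessKey}
     * @param secretKey secret access key from {@code cloud.aws.credentials.secretKey}
     * @param role      role identifier from {@code cloud.aws.role}, passed to the provider builder
     * @return a provider that assumes {@code role} under the session name {@link #SESSION_NAME}
     */
    @Bean
    @Primary
    public AWSCredentialsProvider awsCredentialsProvider(
            @Value("${cloud.aws.credentials.accessKey}") String accessKey,
            @Value("${cloud.aws.credentials.secretKey}") String secretKey,
            @Value("${cloud.aws.role}") String role) {

        // The static key pair is used only to authenticate the STS calls themselves.
        AWSCredentialsProvider baseCredentials =
                new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey));

        // STS goes through the same region and proxy settings as the SQS client.
        AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(region)
                .withClientConfiguration(clientConfiguration())
                .withCredentials(baseCredentials)
                .build();

        return new STSAssumeRoleSessionCredentialsProvider.Builder(role, SESSION_NAME)
                .withStsClient(stsClient)
                .build();
    }

    /**
     * Creates the handler factory for queue listeners, with a single payload argument
     * resolver backed by a Jackson message converter.
     *
     * @return the configured factory
     */
    @Bean
    public QueueMessageHandlerFactory queueMessageHandlerFactory() {
        MappingJackson2MessageConverter messageConverter = new MappingJackson2MessageConverter();
        // Strict content-type matching is switched off so the converter is not limited to
        // messages that declare a matching content type.
        // NOTE(review): listener payloads are therefore built by Jackson from whatever is
        // on the queue; validate the resulting objects in the listeners.
        messageConverter.setStrictContentTypeMatch(false);

        QueueMessageHandlerFactory factory = new QueueMessageHandlerFactory();
        factory.setArgumentResolvers(
                Collections.singletonList(new PayloadArgumentResolver(messageConverter)));
        return factory;
    }

    /**
     * Creates the asynchronous SQS client, registered under the bean name {@code amazonSQS}.
     *
     * @param awsCredentialsProvider credentials used to sign SQS requests
     * @return an SQS client for the configured region, using the shared client settings
     */
    @Bean(name = "amazonSQS")
    public AmazonSQSAsync amazonSQSAsyncClient(AWSCredentialsProvider awsCredentialsProvider) {
        return AmazonSQSAsyncClientBuilder.standard()
                .withRegion(region)
                .withCredentials(awsCredentialsProvider)
                .withClientConfiguration(clientConfiguration())
                .build();
    }

    /**
     * Builds the client settings shared by the STS and SQS clients. A proxy is configured
     * only when {@code proxy.host} is set.
     *
     * @return the client configuration
     * @throws IllegalStateException if {@code proxy.host} is set but {@code proxy.port} is
     *         not a valid TCP port
     */
    @Bean
    ClientConfiguration clientConfiguration() {
        ClientConfiguration config = new ClientConfiguration();

        if (!StringUtils.isEmpty(proxyHost)) {
            // proxy.port falls back to 0 when it is not configured. Reject a half-configured
            // proxy at startup instead of passing an unusable port on and leaving it to the
            // HTTP client to decide whether AWS traffic goes through the proxy at all.
            if (proxyPort < 1 || proxyPort > 65535) {
                throw new IllegalStateException(
                        "proxy.host is set but proxy.port is not a valid TCP port (1-65535): "
                                + proxyPort);
            }
            config.setProxyHost(proxyHost);
            config.setProxyPort(proxyPort);
        }

        return config;
    }
}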