Who is this for and what problem do they have today?

This issue affects users of AutoMQ, particularly those running the application in containerised environments such as AWS EKS. Currently, the codebase is hardcoded to use StaticCredentialsProvider and InstanceProfileCredentialsProvider (Code Ref). This setup poses challenges when running AutoMQ in environments like EKS, where the use of IAM Roles for Service Accounts (IRSA) or Pod Identity is the recommended approach for managing AWS credentials.

In such environments, relying on hardcoded credential providers limits flexibility and prevents the application from automatically using the credentials chain as defined by AWS. This makes it difficult for the application to seamlessly acquire credentials, impacting deployments on modern container platforms.

Why is solving this problem impactful?

Switching to the DefaultCredentialsProvider will allow AutoMQ to benefit from AWS’s full credentials provider chain, which automatically handles multiple scenarios, including:

• Static credentials for local development.
• Instance profile credentials when running on EC2 instances.
• EKS IRSA for securely assigning roles to containers in an EKS cluster.

Additional notes

• Reference AWS documentation: AWS SDK for Java - Credentials Provider Chain.
• Proposed solution: Replace the current hardcoded usage of StaticCredentialsProvider and InstanceProfileCredentialsProvider with DefaultCredentialsProvider, which includes both these options and more. This change will enable support for EKS IRSA and other containerized environments out of the box.