Amazon WorkDocs
Developer Guide

Connect to Amazon WorkDocs by Assuming a Role and Browse a User’s Root Folder

This simple sample code, using the AWS Java SDK, illustrates the individual steps for assuming a role and using the role's temporary security credentials to access Amazon WorkDocs. The code sample uses describeFolderContents API to list of items present in a user's folder.

import java.util.ArrayList; import java.util.List; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.auth.BasicAWSCredentials; import com.amazonaws.auth.BasicSessionCredentials; import com.amazonaws.regions.Regions; import com.amazonaws.services.securitytoken.AWSSecurityTokenService; import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder; import com.amazonaws.services.securitytoken.model.AssumeRoleRequest; import com.amazonaws.services.securitytoken.model.AssumeRoleResult; import com.amazonaws.services.workdocs.AmazonWorkDocs; import com.amazonaws.services.workdocs.AmazonWorkDocsClient; import com.amazonaws.services.workdocs.model.DescribeFolderContentsRequest; import com.amazonaws.services.workdocs.model.DescribeFolderContentsResult; import com.amazonaws.services.workdocs.model.DocumentMetadata; import com.amazonaws.services.workdocs.model.FolderMetadata; public class AssumeRoleDemo { private static final String DEMO_ROLE_ARN = "arn:aws:iam::111122223333:role/workdocs-readonly-role"; private static AmazonWorkDocs workDocs; public static void main(String[] args) throws Exception { AWSCredentials longTermCredentials = new BasicAWSCredentials("accessKey", "secretKey"); // Use developer’s long-term credentials to call the AWS Security Token Service (STS) // AssumeRole API, specifying the ARN for the role workdocs-readonly-role in // 3rd party AWS account. AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard() .withCredentials(new AWSStaticCredentialsProvider(longTermCredentials)) .withRegion(Regions.DEFAULT_REGION.getName()).build();; // If you are accessing a 3rd party account, then ExternalId should // be set on assumeRequest using the withExternalId() function. AssumeRoleRequest assumeRequest = new AssumeRoleRequest().withRoleArn(DEMO_ROLE_ARN).withDurationSeconds(3600) .withRoleSessionName("demo"); AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest); // AssumeRole returns temporary temporary security credentials obtained // for workdocs-readonly-role BasicSessionCredentials temporaryCredentials = new BasicSessionCredentials(assumeResult.getCredentials().getAccessKeyId(), assumeResult .getCredentials().getSecretAccessKey(), assumeResult.getCredentials().getSessionToken()); // Build WorkDocs client using the temporary credentials. workDocs = AmazonWorkDocsClient.builder() .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials)) .withRegion(Regions.US_WEST_2).build(); // Invoke WorkDocs service calls using the temporary security credentials // obtained for workdocs-readonly-role. In this case a call has been made // to get metadata of Folders and Documents present in a user’s root folder. describeFolder("root-folder-id"); } private static void describeFolder(String folderId) { DescribeFolderContentsRequest request = new DescribeFolderContentsRequest(); request.setFolderId(folderId); request.setLimit(2); List<DocumentMetadata> documents = new ArrayList<>(); List<FolderMetadata> folders = new ArrayList<>(); String marker = null; do { request.setMarker(marker); DescribeFolderContentsResult result = workDocs.describeFolderContents(request); documents.addAll(result.getDocuments()); folders.addAll(result.getFolders()); marker = result.getMarker(); } while (marker != null); for (FolderMetadata folder : folders) System.out.println("Folder:" + folder.getName()); for (DocumentMetadata document : documents) System.out.println("Document:" + document.getLatestVersionMetadata().getName()); } }