notes/devops/cloud/aws/features/security/credentials.txt

https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html
https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/AWSCredentialsProvider.html
https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/EnvironmentVariableCredentialsProvider.html

Using the Default Credential Provider Chain

When you initialize a new service client without supplying any arguments,
the AWS SDK for Java attempts to find AWS credentials by using the default credential provider chain
implemented by the DefaultAWSCredentialsProviderChain class.
The default credential provider chain looks for credentials in this order:

1. Environment variables–AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
    The AWS SDK for Java uses the EnvironmentVariableCredentialsProvider class to load these credentials.
2...

...

When using temporary credentials obtained from STS, create a BasicSessionCredentials object,
passing it the STS-supplied credentials and session token.

BasicSessionCredentials sessionCredentials = new BasicSessionCredentials(
   session_creds.getAccessKeyId(),
   session_creds.getSecretAccessKey(),
   session_creds.getSessionToken());

AmazonS3 s3 = AmazonS3ClientBuilder
    .standard()
    .withCredentials(new AWSStaticCredentialsProvider(sessionCredentials))
    .build();