diff --git a/plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/glue/GlueHiveMetastore.java b/plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/glue/GlueHiveMetastore.java index 0b6003180bcd..ca9bfcf26a19 100644 --- a/plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/glue/GlueHiveMetastore.java +++ b/plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/glue/GlueHiveMetastore.java @@ -232,20 +232,25 @@ else if (config.getPinGlueClientToCurrentRegion()) { private static AWSCredentialsProvider getAwsCredentialsProvider(GlueHiveMetastoreConfig config) { + if (config.getAwsCredentialsProvider().isPresent()) { + return getCustomAWSCredentialsProvider(config.getAwsCredentialsProvider().get()); + } + AWSCredentialsProvider provider; if (config.getAwsAccessKey().isPresent() && config.getAwsSecretKey().isPresent()) { - return new AWSStaticCredentialsProvider( + provider = new AWSStaticCredentialsProvider( new BasicAWSCredentials(config.getAwsAccessKey().get(), config.getAwsSecretKey().get())); } + else { + provider = DefaultAWSCredentialsProviderChain.getInstance(); + } if (config.getIamRole().isPresent()) { - return new STSAssumeRoleSessionCredentialsProvider + provider = new STSAssumeRoleSessionCredentialsProvider .Builder(config.getIamRole().get(), "trino-session") .withExternalId(config.getExternalId().orElse(null)) + .withLongLivedCredentialsProvider(provider) .build(); } - if (config.getAwsCredentialsProvider().isPresent()) { - return getCustomAWSCredentialsProvider(config.getAwsCredentialsProvider().get()); - } - return DefaultAWSCredentialsProviderChain.getInstance(); + return provider; } private static AWSCredentialsProvider getCustomAWSCredentialsProvider(String providerClass)