Leveraging temporary credentials

You can configure your Beam IO connectors to pull temporary credentials from the KDA environment. Here’s a snippet illustrating how to configure the KinesisIO connector.

input = p
    .apply("Kinesis source", KinesisIO
        .read()
        .withAWSClientsProvider(new DefaultCredentialsProviderClientsProvider())
        ...
    )

Leveraging temporary credentials has the advantage that you don’t need to hard coding credentials in your code. Instead, you access permissions for an IAM Role that is then associated with your KDA application. The temporary credentials are then exposed through the evenvironment and will be automatically picked up by the DefaultCredentialsProviderClientsProvider.