Add ec2InstanceProfileName additional changes:

S-Saranya1 · S-Saranya1 · commit 7636c420b516 · 2025-06-26T10:18:01.000-07:00
- Refactor the code to resolve profile name
diff --git a/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.java b/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.java
@@ -205,7 +205,7 @@ private RefreshResult<AwsCredentials> refreshCredentials() {
                 if (apiVersion == ApiVersion.UNKNOWN) {
                     apiVersion = ApiVersion.LEGACY;
                     return refreshCredentials();
-                } else if (ec2InstanceProfileName == null && configProvider.ec2InstanceProfileName() == null) {
+                } else if (resolveProfileName() == null) {
                     // Resolved profile name is invalid, reset it and try again
                     resolvedProfile = null;
                     
@@ -348,14 +348,16 @@ private boolean isInsecureFallbackDisabled() {
         return configProvider.isMetadataV1Disabled();
     }
 
-    private String[] getSecurityCredentials(String imdsHostname, String metadataToken) {
-        if (ec2InstanceProfileName != null) {
-            return new String[]{ec2InstanceProfileName};
-        }
+    private String resolveProfileName() {
+        return ec2InstanceProfileName != null ? 
+               ec2InstanceProfileName : 
+               configProvider.ec2InstanceProfileName();
+    }
 
-        String configuredProfileName = this.configProvider.ec2InstanceProfileName();
-        if (configuredProfileName != null) {
-            return new String[]{configuredProfileName};
+    private String[] getSecurityCredentials(String imdsHostname, String metadataToken) {
+        String profileName = resolveProfileName();
+        if (profileName != null) {
+            return new String[]{profileName};
         }
 
         if (resolvedProfile != null) {
@@ -417,12 +419,9 @@ public interface Builder extends HttpCredentialsProvider.Builder<InstanceProfile
          * Configure the EC2 instance profile name to use for retrieving credentials.
          * 
          * <p>When this is set, the provider will skip fetching the list of available instance profiles
-         * and use this name directly. This can improve performance by reducing the number of calls to IMDS.
-         * 
-         * <p>By default, this is not set and the provider will discover the instance profile name from IMDS.
+         * and use this name directly.
          * 
          * @param ec2InstanceProfileName The EC2 instance profile name to use
-         * @return This builder for method chaining
          */
         Builder ec2InstanceProfileName(String ec2InstanceProfileName);
         
diff --git a/core/auth/src/test/java/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProviderTest.java b/core/auth/src/test/java/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProviderTest.java
@@ -412,6 +412,34 @@ void resolveCredentials_withConfigFileInstanceProfileName_skipsProfileDiscovery(
         WireMock.verify(0, getRequestedFor(urlPathEqualTo(CREDENTIALS_RESOURCE_PATH)));
     }
     
+    @Test
+    void resolveCredentials_withEnvironmentVariableInstanceProfileName_skipsProfileDiscovery() {
+        String envVarProfileName = "env-var-profile";
+        
+        try {
+            environmentVariableHelper.set(SdkSystemSetting.AWS_EC2_INSTANCE_PROFILE_NAME.environmentVariable(), envVarProfileName);
+            
+            stubFor(put(urlPathEqualTo(TOKEN_RESOURCE_PATH)).willReturn(aResponse().withBody(TOKEN_STUB)));
+            stubFor(get(urlPathEqualTo(CREDENTIALS_RESOURCE_PATH + envVarProfileName)).willReturn(aResponse().withBody(STUB_CREDENTIALS)));
+
+            InstanceProfileCredentialsProvider provider = InstanceProfileCredentialsProvider.builder().build();
+            AwsCredentials credentials = provider.resolveCredentials();
+
+            assertThat(credentials.accessKeyId()).isEqualTo("ACCESS_KEY_ID");
+            assertThat(credentials.secretAccessKey()).isEqualTo("SECRET_ACCESS_KEY");
+
+            WireMock.verify(putRequestedFor(urlPathEqualTo(TOKEN_RESOURCE_PATH))
+                       .withHeader(EC2_METADATA_TOKEN_TTL_HEADER, equalTo("21600")));
+
+            WireMock.verify(getRequestedFor(urlPathEqualTo(CREDENTIALS_RESOURCE_PATH + envVarProfileName))
+                       .withHeader(TOKEN_HEADER, equalTo(TOKEN_STUB)));
+
+            WireMock.verify(0, getRequestedFor(urlPathEqualTo(CREDENTIALS_RESOURCE_PATH)));
+        } finally {
+            environmentVariableHelper.reset();
+        }
+    }
+    
     @Test
     void resolveCredentials_withBlankInstanceProfileName_throwsException() {
         assertThatThrownBy(() -> InstanceProfileCredentialsProvider.builder()
