aws · S-Saranya1 · Aug 27, 2025
@@ -0,0 +1,51 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.auth.credentials.internal;
+
+import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
+import software.amazon.awssdk.core.SdkRequest;
+import software.amazon.awssdk.core.interceptor.Context;
+import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
+import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
+import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
+import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
+
+/**
+ * Interceptor that adds the CREDENTIALS_IMDS business metric when IMDS credentials are being used.
+ */
+@SdkInternalApi
+public final class ImdsCredentialsBusinessMetricInterceptor implements ExecutionInterceptor {
+
+    @Override
+    public SdkRequest modifyRequest(Context.ModifyRequest context, ExecutionAttributes executionAttributes) {
+        AwsCredentials credentials = executionAttributes.getAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS);
+
+        if (credentials != null && isImdsCredentials(credentials)) {
+            executionAttributes.getAttribute(SdkInternalExecutionAttribute.BUSINESS_METRICS)
+                               .addMetric(BusinessMetricFeatureId.CREDENTIALS_IMDS.value());
+        }
+
+        return context.request();
+    }
+
+    private boolean isImdsCredentials(AwsCredentials credentials) {
+        return credentials.providerName()
+                         .map(name -> name.contains("InstanceProfile"))
+                         .orElse(false);
+    }
+}
@@ -0,0 +1 @@
+software.amazon.awssdk.auth.credentials.internal.ImdsCredentialsBusinessMetricInterceptor
@@ -0,0 +1,120 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.auth.credentials;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.Optional;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import software.amazon.awssdk.auth.credentials.internal.ImdsCredentialsBusinessMetricInterceptor;
+import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
+import software.amazon.awssdk.core.SdkRequest;
+import software.amazon.awssdk.core.interceptor.Context;
+import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
+import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
+import software.amazon.awssdk.core.useragent.BusinessMetricCollection;
+import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
+
+public class ImdsCredentialsInUserAgentTest {
+
+    private ImdsCredentialsBusinessMetricInterceptor interceptor;
+    private ExecutionAttributes executionAttributes;
+    private BusinessMetricCollection businessMetrics;
+    private Context.ModifyRequest context;
+
+    @BeforeEach
+    void setUp() {
+        interceptor = new ImdsCredentialsBusinessMetricInterceptor();
+        executionAttributes = new ExecutionAttributes();
+        businessMetrics = new BusinessMetricCollection();
+        executionAttributes.putAttribute(SdkInternalExecutionAttribute.BUSINESS_METRICS, businessMetrics);
+
+        context = mock(Context.ModifyRequest.class);
+        SdkRequest request = mock(SdkRequest.class);
+        when(context.request()).thenReturn(request);
+    }
+
+    @Test
+    public void imdsCredentials_shouldHaveImdsCredentialsBusinessMetric() {
+        // Create credentials with IMDS provider name
+        AwsCredentials imdsCredentials = createCredentialsWithProviderName("InstanceProfileCredentialsProvider");
+        executionAttributes.putAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS, imdsCredentials);
+
+        interceptor.modifyRequest(context, executionAttributes);
+
+        assertThat(businessMetrics.recordedMetrics())
+            .contains(BusinessMetricFeatureId.CREDENTIALS_IMDS.value());
+    }
+
+    @Test
+    public void regularCredentials_shouldNotHaveImdsCredentialsBusinessMetric() {
+        // Create credentials with non-IMDS provider name
+        AwsCredentials regularCredentials = createCredentialsWithProviderName("DefaultCredentialsProvider");
+        executionAttributes.putAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS, regularCredentials);
+
+        interceptor.modifyRequest(context, executionAttributes);
+
+        assertThat(businessMetrics.recordedMetrics())
+            .doesNotContain(BusinessMetricFeatureId.CREDENTIALS_IMDS.value());
+    }
+
+    @Test
+    public void containerCredentials_shouldNotHaveImdsCredentialsBusinessMetric() {
+        // Test with "ContainerCredentialsProvider" provider name - should NOT be considered IMDS
+        AwsCredentials containerCredentials = createCredentialsWithProviderName("ContainerCredentialsProvider");
+        executionAttributes.putAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS, containerCredentials);
+
+        interceptor.modifyRequest(context, executionAttributes);
+
+        assertThat(businessMetrics.recordedMetrics())
+            .doesNotContain(BusinessMetricFeatureId.CREDENTIALS_IMDS.value());
+    }
+
+    @Test
+    public void credentialsWithoutProviderName_shouldNotHaveImdsCredentialsBusinessMetric() {
+        // Test with credentials that don't have a provider name
+        AwsCredentials credentialsWithoutProviderName = AwsBasicCredentials.create("accessKey", "secretKey");
+        executionAttributes.putAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS, credentialsWithoutProviderName);
+
+        interceptor.modifyRequest(context, executionAttributes);
+
+        assertThat(businessMetrics.recordedMetrics())
+            .doesNotContain(BusinessMetricFeatureId.CREDENTIALS_IMDS.value());
+    }
+
+    private AwsCredentials createCredentialsWithProviderName(String providerName) {
+        AwsCredentials baseCredentials = AwsBasicCredentials.create("accessKey", "secretKey");
+        return new AwsCredentials() {
+            @Override
+            public String accessKeyId() {
+                return baseCredentials.accessKeyId();
+            }
+
+            @Override
+            public String secretAccessKey() {
+                return baseCredentials.secretAccessKey();
+            }
+
+            @Override
+            public Optional<String> providerName() {
+                return Optional.of(providerName);
+            }
+        };
+    }
+}
@@ -22,7 +22,7 @@
 /**
  * An enum class representing a short form of identity providers to record in the UA string.
  *
- * Unimplemented metrics: I,J,K,M,O,S,U-c,e-[latest]
+ * Unimplemented metrics: I,M,O,S,U-c,e-[latest]
  * Unsupported metrics (these will never be added): A,H
  */
 @SdkProtectedApi
@@ -34,6 +34,8 @@ public enum BusinessMetricFeatureId {
     RETRY_MODE_STANDARD("E"),
     RETRY_MODE_ADAPTIVE("F"),
     S3_TRANSFER("G"),
+    S3_EXPRESS_BUCKET("J"),
+    S3_ACCESS_GRANTS("K"),
     GZIP_REQUEST_COMPRESSION("L"), //TODO(metrics): Not working, compression happens after header
     ENDPOINT_OVERRIDE("N"),
     ACCOUNT_ID_MODE_PREFERRED("P"),
@@ -42,6 +44,7 @@ public enum BusinessMetricFeatureId {
     RESOLVED_ACCOUNT_ID("T"),
     DDB_MAPPER("d"),
     BEARER_SERVICE_ENV_VARS("3"),
+    CREDENTIALS_IMDS("0"),
     UNKNOWN("Unknown");
 
     private static final Map<String, BusinessMetricFeatureId> VALUE_MAP =
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		software.amazon.awssdk.auth.credentials.internal.ImdsCredentialsBusinessMetricInterceptor