WebIdentityTokenFileCredentialsProvider throws IllegalStateException if "sts" dependency on path in 2.38.3+

[internetstaff]

Describe the bug

Starting in 2.38.3, likely due to the fix for #6529, if we have the "sts" dependency on our path, we get:

IllegalStateException: Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set.

Perhaps this is now expected behavior, but in our case "sts" comes in from the Apache Camel S3 component and had to be excluded or it breaks the Spring Cloud AWS parameterstore integration by silently throwing this error internally.

I believe this is coming from the DefaultCredentialsProvider, so it seems odd that this would be fatal now.

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

Either nothing, or an INFO log noting that this provider isn't configured.

Current Behavior

Application dies.

Reproduction Steps

In my case, boot a Spring Cloud AWS application with parameter store import support enabled with "sts" on the classpath.

Likely reproducible using DefaultCredentialProvider with sts on the classpath and without AWS_WEB_IDENTITY_TOKEN_FILE configured.

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

2.39.2

JDK version used

25

Operating System and version

Linux

[bhoradc]

Hi @internetstaff

Thank you for reporting the issue. I tested DefaultCredentialsProvider with STS on classpath and no web identity tokens configured - both pre and post-fix (v2.38.3) versions behaved identical. It handled the missing web identity token confiiguration gracefully by catching the IllegalStateException and continuing to the next provider in the chain. Tested with and without Spring Cloud AWS integration.

Can you kindly provide below details to look into this further?

• The exact error message and complete stack trace you're seeing in v2.38.3+.
• SDK Debug logs to check where in the credential resolution process the behavior might have changed.
• Minimal reproducible code sample that demonstrates the issue.

Regards,
Chaitanya

[bhoradc]

Hi @internetstaff

I noticed this Spring Cloud AWS issue - awspring/spring-cloud-aws#1517 which already identified the discussed breaking change behavior. Check out this fix awspring/spring-cloud-aws#1444 where it only creates STS providers when actually configured.

Regards,
Chaitanya

[internetstaff]

Dang, missed that despite looking. Thanks!

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.