Consistently use AWS credentials providers from `WhisperServerService`

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java

@@ -8,7 +8,7 @@ import static com.codahale.metrics.MetricRegistry.name;
 import static java.util.Objects.requireNonNull;
 
 import com.amazonaws.ClientConfiguration;
-import com.amazonaws.auth.InstanceProfileCredentialsProvider;
+import com.amazonaws.auth.AWSCredentialsProviderChain;
 import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
 import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder;
 import com.codahale.metrics.SharedMetricRegistries;
@@ -233,7 +233,9 @@ import reactor.core.scheduler.Scheduler;
 import reactor.core.scheduler.Schedulers;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain;
+import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.dynamodb.DynamoDbAsyncClient;
 import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
@@ -245,10 +247,15 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
 
   public static final String SECRETS_BUNDLE_FILE_NAME_PROPERTY = "secrets.bundle.filename";
 
-  private static final software.amazon.awssdk.auth.credentials.AwsCredentialsProvider AWSSDK_CREDENTIALS_PROVIDER =
+  public static final software.amazon.awssdk.auth.credentials.AwsCredentialsProvider AWSSDK_CREDENTIALS_PROVIDER =
       AwsCredentialsProviderChain.of(
-          software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.create(),
+          InstanceProfileCredentialsProvider.create(),
-          software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider.create());
+          WebIdentityTokenFileCredentialsProvider.create());
+
+  public static final AWSCredentialsProviderChain AWSSDK_V1_CREDENTIALS_PROVIDER_CHAIN = new AWSCredentialsProviderChain(
+      com.amazonaws.auth.InstanceProfileCredentialsProvider.getInstance(),
+      com.amazonaws.auth.WebIdentityTokenCredentialsProvider.create()
+  );
 
 
   @Override
@@ -327,12 +334,10 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     ResourceBundleLevelTranslator resourceBundleLevelTranslator = new ResourceBundleLevelTranslator(
         headerControlledResourceBundleLookup);
 
-    DynamoDbAsyncClient dynamoDbAsyncClient = DynamoDbFromConfig.asyncClient(
+    DynamoDbAsyncClient dynamoDbAsyncClient = DynamoDbFromConfig.asyncClient(config.getDynamoDbClientConfiguration(),
-        config.getDynamoDbClientConfiguration(),
         AWSSDK_CREDENTIALS_PROVIDER);
 
-    DynamoDbClient dynamoDbClient = DynamoDbFromConfig.client(
+    DynamoDbClient dynamoDbClient = DynamoDbFromConfig.client(config.getDynamoDbClientConfiguration(),
-        config.getDynamoDbClientConfiguration(),
         AWSSDK_CREDENTIALS_PROVIDER);
 
     AmazonDynamoDB deletedAccountsLockDynamoDbClient = AmazonDynamoDBClientBuilder.standard()
@@ -341,7 +346,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
                 ((int) config.getDynamoDbClientConfiguration().getClientExecutionTimeout().toMillis()))
             .withRequestTimeout(
                 (int) config.getDynamoDbClientConfiguration().getClientRequestTimeout().toMillis()))
-        .withCredentials(InstanceProfileCredentialsProvider.getInstance())
+        .withCredentials(AWSSDK_V1_CREDENTIALS_PROVIDER_CHAIN)
         .build();
 
     DeletedAccounts deletedAccounts = new DeletedAccounts(dynamoDbClient,

service/src/main/java/org/whispersystems/textsecuregcm/workers/AssignUsernameCommand.java

@@ -8,7 +8,6 @@ package org.whispersystems.textsecuregcm.workers;
 import static com.codahale.metrics.MetricRegistry.name;
 
 import com.amazonaws.ClientConfiguration;
-import com.amazonaws.auth.InstanceProfileCredentialsProvider;
 import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
 import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder;
 import com.fasterxml.jackson.databind.DeserializationFeature;
@@ -25,6 +24,7 @@ import java.util.concurrent.Executors;
 import net.sourceforge.argparse4j.inf.Namespace;
 import net.sourceforge.argparse4j.inf.Subparser;
 import org.whispersystems.textsecuregcm.WhisperServerConfiguration;
+import org.whispersystems.textsecuregcm.WhisperServerService;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
 import org.whispersystems.textsecuregcm.controllers.SecureBackupController;
@@ -130,12 +130,10 @@ public class AssignUsernameCommand extends EnvironmentCommand<WhisperServerConfi
         dynamicConfigurationManager);
 
     DynamoDbAsyncClient dynamoDbAsyncClient = DynamoDbFromConfig.asyncClient(
-        configuration.getDynamoDbClientConfiguration(),
+        configuration.getDynamoDbClientConfiguration(), WhisperServerService.AWSSDK_CREDENTIALS_PROVIDER);
-        software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.create());
 
-    DynamoDbClient dynamoDbClient = DynamoDbFromConfig.client(
+    DynamoDbClient dynamoDbClient = DynamoDbFromConfig.client(configuration.getDynamoDbClientConfiguration(),
-        configuration.getDynamoDbClientConfiguration(),
+        WhisperServerService.AWSSDK_CREDENTIALS_PROVIDER);
-        software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.create());
 
     AmazonDynamoDB deletedAccountsLockDynamoDbClient = AmazonDynamoDBClientBuilder.standard()
         .withRegion(configuration.getDynamoDbClientConfiguration().getRegion())
@@ -145,7 +143,7 @@ public class AssignUsernameCommand extends EnvironmentCommand<WhisperServerConfi
             .withRequestTimeout(
                 (int) configuration.getDynamoDbClientConfiguration().getClientRequestTimeout()
                     .toMillis()))
-        .withCredentials(InstanceProfileCredentialsProvider.getInstance())
+        .withCredentials(WhisperServerService.AWSSDK_V1_CREDENTIALS_PROVIDER_CHAIN)
         .build();
 
     DeletedAccounts deletedAccounts = new DeletedAccounts(dynamoDbClient,

service/src/main/java/org/whispersystems/textsecuregcm/workers/CommandDependencies.java

@@ -8,7 +8,6 @@ package org.whispersystems.textsecuregcm.workers;
 import static com.codahale.metrics.MetricRegistry.name;
 
 import com.amazonaws.ClientConfiguration;
-import com.amazonaws.auth.InstanceProfileCredentialsProvider;
 import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
 import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder;
 import com.fasterxml.jackson.databind.DeserializationFeature;
@@ -20,6 +19,7 @@ import java.time.Clock;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import org.whispersystems.textsecuregcm.WhisperServerConfiguration;
+import org.whispersystems.textsecuregcm.WhisperServerService;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
 import org.whispersystems.textsecuregcm.controllers.SecureBackupController;
@@ -112,12 +112,10 @@ record CommandDependencies(
         dynamicConfigurationManager);
 
     DynamoDbAsyncClient dynamoDbAsyncClient = DynamoDbFromConfig.asyncClient(
-        configuration.getDynamoDbClientConfiguration(),
+        configuration.getDynamoDbClientConfiguration(), WhisperServerService.AWSSDK_CREDENTIALS_PROVIDER);
-        software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.create());
 
     DynamoDbClient dynamoDbClient = DynamoDbFromConfig.client(
-        configuration.getDynamoDbClientConfiguration(),
+        configuration.getDynamoDbClientConfiguration(), WhisperServerService.AWSSDK_CREDENTIALS_PROVIDER);
-        software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.create());
 
     AmazonDynamoDB deletedAccountsLockDynamoDbClient = AmazonDynamoDBClientBuilder.standard()
         .withRegion(configuration.getDynamoDbClientConfiguration().getRegion())
@@ -127,7 +125,7 @@ record CommandDependencies(
             .withRequestTimeout(
                 (int) configuration.getDynamoDbClientConfiguration().getClientRequestTimeout()
                     .toMillis()))
-        .withCredentials(InstanceProfileCredentialsProvider.getInstance())
+        .withCredentials(WhisperServerService.AWSSDK_V1_CREDENTIALS_PROVIDER_CHAIN)
         .build();
 
     DeletedAccounts deletedAccounts = new DeletedAccounts(dynamoDbClient,