kfzteile24 · FlorinCR · Jun 13, 2025 · May 21, 2025 · May 21, 2025 · May 21, 2025
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -46,20 +46,6 @@ public function getConfigTreeBuilder()
                             ->scalarNode('secret_access_key')
                                 ->isRequired()
                             ->end()
-                            ->arrayNode('role_based')
-                                ->canBeEnabled()
-                                ->children()
-                                    ->scalarNode('web_identity_token_file')
-                                        ->isRequired()
-                                    ->end()
-                                    ->scalarNode('role_arn')
-                                        ->isRequired()
-                                    ->end()
-                                    ->scalarNode('session_name')
-                                        ->isRequired()
-                                    ->end()
-                                ->end()
-                            ->end()
                             ->arrayNode('large_payload_client')
                                 ->canBeEnabled()
                                 ->children()

diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php
@@ -10,8 +10,6 @@
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;
 use Symfony\Component\DependencyInjection\Loader;
-use Aws\Sts\StsClient;
-use Aws\Credentials\CredentialProvider;
 
 /**
  * This is the class that loads and manages your bundle configuration.
@@ -38,43 +36,19 @@ public function load(array $configs, ContainerBuilder $container)
             $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType));
             $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType));
 
-            if (empty($client['role_based']) || empty($client['role_based']['web_identity_token_file'])) {
-                $adapterDefinition = new Definition($adapterClass, [
-                    [
-                        'region' => $client['region'],
-                        'endpoint' => $client['endpoint'],
-                        'credentials' => [
-                            'key' => $client['access_key'],
-                            'secret' => $client['secret_access_key']
-                        ],
-                        'version' => $apiVersion
-                    ]
-                ]);
-            } else {
-                $stsClient = new StsClient([
-                    'region'      => $client['region'],
-                    'version'     => $apiVersion,
+            $adapterDefinition = new Definition($adapterClass, [
+                [
+                    'region' => $client['region'],
+                    'endpoint' => $client['endpoint'],
                     'credentials' => [
-                        'webIdentityTokenFile' => $client['role_based']['web_identity_token_file'],
-                        'roleArn' => $client['role_based']['role_arn'],
-                        'roleSessionName' => $client['role_based']['session_name'],
-                    ]
-                ]);
-
-                $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(['stsClient' => $stsClient]);
-                // Cache the results in a memoize function to avoid loading and parsing
-                // the ini file on every API operation
-                $provider = CredentialProvider::memoize($provider);
-                $adapterDefinition = new Definition($adapterClass, [
-                    [
-                        'region' => $client['region'],
-                        'version' => $apiVersion,
-                        'credentials' => $provider
-                    ]
-                ]);
-            }
-
+                        'key' => $client['access_key'],
+                        'secret' => $client['secret_access_key']
+                    ],
+                    'version' => $apiVersion
+                ]
+            ]);
             $adapterDefinition->setPublic(false);
+
             $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name);
             $container->setDefinition($adapterDefinitionName, $adapterDefinition);
 
@@ -171,4 +145,4 @@ private function buildS3ClientDefinition(string $definitionName, array $config,
 
         $container->setDefinition($definitionName, $s3ClientDefinition);
     }
-}
+}
diff --git a/README.md b/README.md
@@ -36,10 +36,6 @@ kfz24_queue:
             resource:                    "https://sqs.eu-central-1.amazonaws.com/123456789012/another-queue"
             access_key:                  "AKIAABCDEFGHIJKLMNOP"
             secret_access_key:           "s3CR3t4Cc3S5K3y"
-            role_based:
-              web_identity_token_file:    "%AWS_WEB_IDENTITY_TOKEN_FILE%"
-              role_arn:                   "arn-role-XYZ"
-              session_name:               "ABC-session-name"
             large_payload_client:
                 region:                  "eu-central-1"
                 endpoint:                "http://s3-eu-central-1.amazonaws.com/consumer_bucket"

diff --git a/Resources/config/services.yaml b/Resources/config/services.yaml
@@ -12,7 +12,9 @@ parameters:
 services:
   kfz24.queue.message_validator:
     class: Aws\Sns\MessageValidator
+    public: true
     arguments:
       $certClient: "@kfz24.aws.cached_cert_client"
   kfz24.aws.cached_cert_client:
+    public: true
     class: Kfz24\QueueBundle\Client\Aws\CachedCertClient