Show CallerIdentity when connect to S3 client

contrib/aws-cmake/CMakeLists.txt

@@ -32,6 +32,7 @@ endif()
 SET(AWS_SDK_DIR "${TiFlash_SOURCE_DIR}/contrib/aws")
 SET(AWS_SDK_CORE_DIR "${AWS_SDK_DIR}/src/aws-cpp-sdk-core")
 SET(AWS_SDK_S3_DIR "${AWS_SDK_DIR}/generated/src/aws-cpp-sdk-s3")
+SET(AWS_SDK_STS_DIR "${AWS_SDK_DIR}/generated/src/aws-cpp-sdk-sts")
 
 SET(AWS_AUTH_DIR "${TiFlash_SOURCE_DIR}/contrib/aws-c-auth")
 SET(AWS_CAL_DIR "${TiFlash_SOURCE_DIR}/contrib/aws-c-cal")
@@ -115,6 +116,14 @@ file(GLOB AWS_SDK_S3_SRC
 list(APPEND AWS_SOURCES ${AWS_SDK_S3_SRC})
 list(APPEND AWS_PUBLIC_INCLUDES "${AWS_SDK_S3_DIR}/include/")
 
+# aws-cpp-sdk-sts
+file(GLOB AWS_SDK_STS_SRC
+    "${AWS_SDK_STS_DIR}/source/*.cpp"
+    "${AWS_SDK_STS_DIR}/source/model/*.cpp"
+)
+
+list(APPEND AWS_SOURCES ${AWS_SDK_STS_SRC})
+list(APPEND AWS_PUBLIC_INCLUDES "${AWS_SDK_STS_DIR}/include/")
 
 # aws-c-auth
 file(GLOB AWS_AUTH_SRC

dbms/src/Storages/S3/S3Common.cpp

@@ -44,6 +44,10 @@
 #include <aws/s3/model/PutBucketLifecycleConfigurationRequest.h>
 #include <aws/s3/model/PutObjectRequest.h>
 #include <aws/s3/model/TaggingDirective.h>
+#include <aws/sts/STSClient.h>
+#include <aws/sts/STSServiceClientModel.h>
+#include <aws/sts/model/GetCallerIdentityRequest.h>
+#include <aws/sts/model/GetCallerIdentityResult.h>
 #include <common/logger_useful.h>
 #include <kvproto/disaggregated.pb.h>
 #include <pingcap/kv/Cluster.h>
@@ -335,7 +339,7 @@ ClientFactory & ClientFactory::instance()
 
 std::unique_ptr<Aws::S3::S3Client> ClientFactory::create() const
 {
-    return create(config);
+    return create(config, log);
 }
 
 std::shared_ptr<TiFlashS3Client> ClientFactory::sharedTiFlashClient()
@@ -346,7 +350,7 @@ std::shared_ptr<TiFlashS3Client> ClientFactory::sharedTiFlashClient()
     return initClientFromWriteNode();
 }
 
-std::unique_ptr<Aws::S3::S3Client> ClientFactory::create(const StorageS3Config & config_)
+std::unique_ptr<Aws::S3::S3Client> ClientFactory::create(const StorageS3Config & config_, const LoggerPtr & log)
 {
     Aws::Client::ClientConfiguration cfg;
     cfg.maxConnections = config_.max_connections;
@@ -361,6 +365,22 @@ std::unique_ptr<Aws::S3::S3Client> ClientFactory::create(const StorageS3Config &
     }
     if (config_.access_key_id.empty() && config_.secret_access_key.empty())
     {
+        Aws::Client::ClientConfiguration sts_cfg;
+        sts_cfg.verifySSL = false;
+        Aws::STS::STSClient sts_client(sts_cfg);
+        Aws::STS::Model::GetCallerIdentityRequest req;
+        auto get_identity_outcome = sts_client.GetCallerIdentity(req);
+        if (!get_identity_outcome.IsSuccess())
+        {
+            const auto & error = get_identity_outcome.GetError();
+            LOG_WARNING(log, "get CallerIdentity failed, exception={} message={}", error.GetExceptionName(), error.GetMessage());
+        }
+        else
+        {
+            const auto & result = get_identity_outcome.GetResult();
+            LOG_INFO(log, "CallerIdentity{{UserId:{}, Account:{}, Arn:{}}}", result.GetUserId(), result.GetAccount(), result.GetArn());
+        }
+
         // Request that does not require authentication.
         // Such as the EC2 access permission to the S3 bucket is configured.
         // If the empty access_key_id and secret_access_key are passed to S3Client,

dbms/src/Storages/S3/S3Common.h

@@ -129,7 +129,7 @@ class ClientFactory
     DISALLOW_COPY_AND_MOVE(ClientFactory);
     std::unique_ptr<Aws::S3::S3Client> create() const;
 
-    static std::unique_ptr<Aws::S3::S3Client> create(const StorageS3Config & config_);
+    static std::unique_ptr<Aws::S3::S3Client> create(const StorageS3Config & config_, const LoggerPtr & log);
     static Aws::Http::Scheme parseScheme(std::string_view endpoint);
 
     std::shared_ptr<TiFlashS3Client> initClientFromWriteNode();