Page tree
Skip to end of metadata
Go to start of metadata

Extension ID


What's new?

See AWS Java 1.2 - Release Notes for more information.

Supported services and frameworks

 framework →


SDK 1.x, 2.x


Lambda creation and link to handler 

Lambda invoke(tick)
SNS publish(tick)
SNS subscription: http(tick)
SNS subscription: email/SMS(tick)
SNS subscription: sqs(tick)
SNS subscription: lambda(tick)

Note that the support of SQS services with SDK for java is provided by com.castsoftware.mqe extension. The support of AWS dynamodb services with SDK for Java is provided by com.castsoftware.nosqljava.



Java Call to AWS Lambda Function

Java Call to AWS unknown Lambda Function

Java AWS Simple Queue Service Receiver

Java AWS Simple Queue Service Publisher

Java AWS Unknown Simple Queue Service Receiver

Java AWS Unknown Simple Queue Service Publisher

Java AWS SNS Publisher

Java AWS SNS Subscriber

Java AWS SNS Unknown Publisher

Java AWS SNS Unkown Subscriber

Java AWS SMS, Java AWS Email

Java AWS Post Service

Java AWS S3 Bucket

Java AWS unknown S3 Bucket

In what situation should you install this extension?

This extension should be used for analyzing java source code using an of the supported AWS services. 

Support of lambda functions 

  • Lambda services allow executing some source code on the cloud. The execution can be set to be triggered by some AWS events.  
  • Lambda functions can be deployed using several deployment frameworks. The supported deployment frameworks are listed on this page.
  • When a lambda function is created and its runtime is java, the current extension is responsible for linking the lambda objects and their triggers with the java handler functions.


Let us consider a source code defining a lambda function having a java runtime (for instance java8) and the handler function is given by the handler function fullname. If the lambda function is deployed using a supported deployment framework (such as CloudFormation), the analysis will create a lambda function. If the current extension finds a java method matching the handler fullname a link to that java method will be added from the lambda function.

Some applications are using a monolithic pattern: only one handler function is used for many (if not all) API Gateways. That handler function then dispatches the call to sub-handler functions using switches based on the URLs. Ideally, in the modelization, each API Gateway should be linked to its dedicated sub-handler function. However, in our modelization, all API Gateways will be linked to the root handler function. 

Support for SDK

Support for S3

Supported S3 APIs for SDK v1

For the following methods of the client we create links to the bucket:

Link TypeMethods
useUpdateLinkputObject, uploadPart
useInsertLinkputObject, uploadPart
useSelectLinkgetObject, listObjects, listObjectsV2, getObjectAsString, listObjects, listObjectsV2
useDeleteLinkdeleteBucket, deleteObject, deleteObjects
callLinkchangeObjectStorageClass, deleteBucketAnalyticsConfiguration, deleteBucketCrossOriginConfiguration, deleteBucketEncryption, deleteBucketIntelligentTieringConfiguration, deleteBucketInventoryConfiguration, deleteBucketLifecycleConfiguration, deleteBucketMetricsConfiguration, deleteBucketPolicy, deleteBucketReplicationConfiguration, deleteBucketTaggingConfiguration, deleteBucketWebsiteConfiguration, deleteObjectTagging, deleteVersion, disableRequesterPays, doesBucketExist, doesBucketExistV2, doesObjectExist, download, enableRequesterPays, generatePresignedUrl, getBucketAccelerateConfiguration, getBucketAcl, getBucketAnalyticsConfiguration, getBucketCrossOriginConfiguration, getBucketIntelligentTieringConfiguration, getBucketInventoryConfiguration, getBucketLifecycleConfiguration, getBucketLocation, getBucketLoggingConfiguration, getBucketMetricsConfiguration, getBucketNotificationConfiguration, getBucketOwnershipControls, getBucketPolicy, getBucketReplicationConfiguration, getBucketTaggingConfiguration, getBucketVersioningConfiguration, getBucketWebsiteConfiguration, getObjectAcl, AccessControlList, getObjectMetadata, getObjectTagging, getUrl, headBucket, initiateMultipartUpload, isRequesterPaysEnabled, listParts, listVersions, restoreObject, restoreObjectV2, setBucketAccelerateConfiguration, setBucketAcl, setBucketAnalyticsConfiguration, setBucketCrossOriginConfiguration, setBucketIntelligentTieringConfiguration, setBucketInventoryConfiguration, setBucketLifecycleConfiguration, setBucketLoggingConfiguration, setBucketMetricsConfiguration, setBucketNotificationConfiguration, setBucketOwnershipControls, setBucketPolicy, setBucketReplicationConfiguration, setBucketTaggingConfiguration, setBucketVersioningConfiguration, setBucketWebsiteConfiguration, setObjectAcl, setObjectRedirectLocation, setObjectTagging, setEndpoint, setRequestPaymentConfiguration, shutdown, createBucket

Supported S3 APIs for SDK v2

For the following methods of the client we create links to the bucket:

Link TypeMethods
useUpdateLinkputObject, uploadPart, restoreObject
useInsertLinkcompleteMultipartUpload, putObject
useSelectLinkgetObject, getObjectAsBytes, listObjects, listObjectsV2, listObjectsV2Paginator
useDeleteLinkdeleteBucket, deleteObject, deleteObjects
callLinkabortMultipartUpload, createBucket, createMultipartUpload, deleteBucketAnalyticsConfiguration, deleteBucketCors, deleteBucketEncryption, deleteBucketIntelligentTieringConfiguration, deleteBucketInventoryConfiguration, deleteBucketLifecycle, deleteBucketMetricsConfiguration, deleteBucketOwnershipControls, deleteBucketPolicy, deleteBucketReplication, deleteBucketTagging, deleteBucketWebsite, deleteObjectTagging, deletePublicAccessBlock, getBucketAccelerateConfiguration, getBucketAcl, getBucketAnalyticsConfiguration, getBucketCors, getBucketEncryption, getBucketIntelligentTieringConfiguration, getBucketInventoryConfiguration, getBucketLifecycleConfiguration, getBucketLocation, getBucketLogging, getBucketMetricsConfiguration, getBucketNotificationConfiguration, getBucketOwnershipControls, getBucketPolicy, getBucketPolicyStatus, getBucketReplication, getBucketRequestPayment, getBucketTagging, getBucketVersioning, getBucketWebsite, getObjectAcl, getObjectLegalHold, getObjectLockConfiguration, getObjectRetention, getObjectTagging, getObjectTorrent, getObjectTorrentAsBytes, getPublicAccessBlock, headBucket, headObject, listBucketAnalyticsConfigurations, listBucketIntelligentTieringConfigurations, listBucketInventoryConfigurations, listBucketMetricsConfigurations, listMultipartUploads, listMultipartUploadsPaginator, listObjectVersions, listObjectVersionsPaginator, listParts, listPartsPaginator, putBucketAccelerateConfiguration


This code will create a S3 Bucket named "foo_bucket" on an AWS server in region "AP_SOUTH_1" and puts an object in it

package aws.example.s3;

import com.amazonaws.regions.Regions;
import com.amazonaws.regions.Region;


import java.util.List;

public class S3Manager {

    public void createBucket() {
		Region region = Region.getRegion(Regions.AP_SOUTH_1);
		final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(region).build();
        Bucket b = s3.createBucket("foo_bucket");
	public void  putFile(String file_path) {
		Region region = Region.getRegion(Regions.AP_SOUTH_1);
		final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(region).build();
		String key_name = Paths.get(file_path).getFileName().toString();
		s3.putObject("foo_bucket", key_name, new File(file_path));

Once the analysis/snapshot generation has completed, you can view the results in the normal manner (for example via CAST Enlighten):

Known limitations for S3

  • createPresignedPost API is not supported. However the call to this method is represented by a callLink to the bucket similar to other API methods in S3Client .

Support for Lambda invocation

Only the invoke method of (SDK V1) and (SDK V2) is currently supported.


The analysis of the following source code will create a Java Call to AWS Lambda Function object named functionName with a callLink from the invokeFunction to that object:

import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;

import java.nio.charset.StandardCharsets;

public class FooClass {   

    public static void invokeFunction(LambdaClient awsLambda, String functionName) {

        InvokeRequest invokeRequest = new InvokeRequest()
                .withPayload("{\n" +
                        " \"Hello \": \"Paris\",\n" +
                        " \"countryCode\": \"FR\"\n" +
        InvokeResult invokeResult = null;

        AWSLambda awsLambda = AWSLambdaClientBuilder.standard()
                                  .withCredentials(new ProfileCredentialsProvider())

        invokeResult = awsLambda.invoke(invokeRequest);

@LambdaFunction annotation

The following two annotations (equally named) are supported (one for Android and the other one for Java applications):

  • com.amazonaws.mobileconnectors.lambdainvoker.LambdaFunction

The example below reproduced from the official documentation, illustrates how one can define (but not implement) the lambda function by annotating the AndroidBackendLambdaFunction method. 

import com.amazonaws.mobileconnectors.lambdainvoker.LambdaFunction;
public interface MyInterface {

     * Invoke the Lambda function "AndroidBackendLambdaFunction". 
     * The function name is the method name.
     ResponseClass AndroidBackendLambdaFunction(RequestClass request);


The @LambdaFunction annotation maps the specific client method to the same-name Lambda function. The expected behavior of the JEE analyzer is to resolve the actual Lambda Function invocation via method calls (elsewhere) to the annotated interface methods. The com.castsoftware.awsjava extension on the other hand will create a Java Call to AWS Lambda Function object and the respective incoming callLink from the annotated interface method AndroidBackendLambdaFunction.

Support for SNS

The following APIs are supported:

For SDK V1:


For SDK V2


For the publish method a Java AWS SNS Publisher object is created. Its name is that of the topic.

For the subscribe methods, a Java AWS SNS Subscriber object is created. Its name is that of the topic. Then for each supported protocol, an object is created with a callLink from the subscriber to that object. The supported protocols are the following:

protocolobject createdname of the object
emailJava AWS Emailan Email   (the email addresses are not evaluated)
smsJava AWS SMSan SMS   (the SMS numbers are not evaluated)
http/httpsJava AWS Post Servicethe url (evaluated from the endpoint)
sqsJava AWS Simple Queue Service Publisherthe name of the queue (evaluated from the endpoint)
lambdaJava Call to AWS Lambda Functionthe name of the lambda function (evaluated from the endpoint)

the com.castsoftware.wbslinker will create a callLink between the SNS Publishers and SNS Subscribers which have the same name.


When analyzing the following source code:


public class Example {

    public static void main(String[] args) {
        final String TOPIC_NAME = "extended-client-topic";
        final Regions region = Regions.DEFAULT_REGION;

        final AmazonSNS snsClient = AmazonSNSClientBuilder.standard().withRegion(region).build();
        final String topicArn = snsClient.createTopic(
                new CreateTopicRequest().withName("TOPIC1")
        snsClient.publish(topicArn, "message");

    public static void subscribe(String[] args) {
        final String TOPIC_NAME = "extended-client-topic";
        final Regions region = Regions.DEFAULT_REGION;

        final AmazonSNS snsClient = AmazonSNSClientBuilder.standard().withRegion(region).build();
        final String topicArn1 = snsClient.createTopic(
                new CreateTopicRequest().withName("TOPIC1")
        snsClient.subscribe(topicArn1, "email", "");
        snsClient.subscribe(new SubscribeRequest(topicArn1, "email", ""));
        snsClient.subscribe(new SubscribeRequest(topicArn1, "sqs", "arn:partition:service:region:account-id:queueName"));
        snsClient.subscribe(new SubscribeRequest()
        snsClient.subscribe(new SubscribeRequest()


Click to enlarge


The extension com.castsoftware.wbslinker is responsible for matching Java Call to AWS Lambda Function objects to Lambda Function objects such as Java AWS Lambda Function during application-level analysis.

Known limitations

  • (Corrected in 1.2.2-funcrel) A single inheritance depth level is only supported for classes implementing predefined interfaces such as RequestHandler andRequestStreamHandler when searching for handler methods. However overriding/overloading of the handler methods is not fully supported.
  • No custom lambda function resolver is supported, i.e. that passed to lambdaFunctionNameResolver (connected to the building of LambdaInvokerFactory).
  • Use of Consumer Builder for SDK is not supported.
  • Monolithic pattern for lambda functions is not properly supported.
  • No labels