How to preemptively refresh credentials (sts, eks pod, java)? #5760
kncesarini started this conversation in General
I'm using the Java SDK v2. My Spring Boot app is running in EKS with a pod identity, so credentials are supplied automagically by STS with the default credentials provider chain. The app reads and writes things to DynamoDB. This is how the client is created:
DynamoDbClient.builder().region(Region.of(region)).build();
The issue I'm having is that these credentials don't seem to be refreshed proactively. When the app starts up after a reboot or deploy, the first request will be slower, since the app finds it has no credentials, fetches credentials from STS, then does the DynamoDB request. If the app runs long enough for the credentials to expire, I assume this happens again, but haven't tested that specific scenario thoroughly.
What I want is for this refresh to happen automatically before any DynamoDB requests are made. When the app starts, credentials should be fetched before the app is "ready". When credentials are about to expire, the app should refresh them before they do. Is there a way to accomplish this? I would hate to e.g. have to use an IAM user just to work around this performance annoyance.
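One way to get the behaviour asked for above while keeping the pod's short-lived credentials, as an added example that is not part of the original post or the SDK project's own code: build the default chain with `asyncCredentialUpdateEnabled(true)` so refresh runs on a background thread, and resolve credentials once while the Spring context is still starting. The class name `DynamoDbConfig` and the property `aws.region` are hypothetical, and the example assumes the provider the chain selects in the pod honours the async setting.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;

@Configuration
public class DynamoDbConfig { // hypothetical class name

    // One shared provider for the whole app, so every client reuses the same
    // cached credentials and the same background refresh thread.
    @Bean
    public AwsCredentialsProvider awsCredentialsProvider() {
        DefaultCredentialsProvider provider = DefaultCredentialsProvider.builder()
                // Refresh in the background ahead of expiry instead of on the
                // request thread that first notices stale credentials.
                .asyncCredentialUpdateEnabled(true)
                .build();
        try {
            // Warm-up: bean creation finishes before the app reports ready,
            // so the first DynamoDB call no longer pays for the fetch.
            // The returned credentials are deliberately not logged.
            provider.resolveCredentials();
        } catch (RuntimeException e) {
            provider.close();
            // Fail startup instead of serving traffic without credentials.
            throw new IllegalStateException("No AWS credentials available at startup", e);
        }
        return provider;
    }

    @Bean
    public DynamoDbClient dynamoDbClient(AwsCredentialsProvider provider,
                                         @Value("${aws.region}") String region) { // hypothetical property
        return DynamoDbClient.builder()
                .region(Region.of(region))
                .credentialsProvider(provider) // same client as in the post, plus the warmed provider
                .build();
    }
}
```

The warm-up covers credential resolution only; connection setup to DynamoDB still happens on the first request.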