Class: Aws::InstanceProfileCredentials

Inherits:

Object

• Object
• Aws::InstanceProfileCredentials

Includes:

CredentialProvider, RefreshingCredentials

Defined in:

lib/aws-sdk-core/instance_profile_credentials.rb

Overview

An auto-refreshing credential provider that loads credentials from EC2 instances.

instance_credentials = Aws::InstanceProfileCredentials.new
ec2 = Aws::EC2::Client.new(credentials: instance_credentials)

Defined Under Namespace

Classes: Non200Response, Token, TokenExpiredError, TokenRetrivalError

Constant Summary

NETWORK_ERRORS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

These are the errors we trap when attempting to talk to the instance metadata service. Any of these imply the service is not present, no responding or some other non-recoverable error.

[
  Errno::EHOSTUNREACH,
  Errno::ECONNREFUSED,
  Errno::EHOSTDOWN,
  Errno::ENETUNREACH,
  SocketError,
  Timeout::Error,
  Non200Response
].freeze

METADATA_PATH_BASE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Path base for GET request for profile and credentials

'/latest/meta-data/iam/security-credentials/'.freeze

METADATA_TOKEN_PATH =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Path for PUT request for token

'/latest/api/token'.freeze

Constants included from RefreshingCredentials

RefreshingCredentials::ASYNC_EXPIRATION_LENGTH, RefreshingCredentials::CLIENT_EXCLUDE_OPTIONS, RefreshingCredentials::SYNC_EXPIRATION_LENGTH

Instance Attribute Summary

• #retries ⇒ Integer readonly

  Number of times to retry when retrieving credentials from the instance metadata service.

Attributes included from CredentialProvider

#credentials, #expiration

Instance Method Summary

• #initialize(options = {}) ⇒ InstanceProfileCredentials constructor

  A new instance of InstanceProfileCredentials.

Methods included from RefreshingCredentials

#credentials, #refresh!

Methods included from CredentialProvider

#set?

Constructor Details

#initialize(options = {}) ⇒ InstanceProfileCredentials

Returns a new instance of InstanceProfileCredentials.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :retries (Integer) — default: 1 —

  Number of times to retry when retrieving credentials.

• :endpoint (String) — default: 'http://169.254.169.254' —

  The IMDS endpoint. This option has precedence over the :endpoint_mode.

• :endpoint_mode (String) — default: 'IPv4' —

  The endpoint mode for the instance metadata service. This is either ‘IPv4’ (‘169.254.169.254’) or ‘IPv6’ (‘[fd00:ec2::254]’).

• :disable_imds_v1 (Boolean) — default: false —

  Disable the use of the legacy EC2 Metadata Service v1.

• :ip_address (String) — default: '169.254.169.254' —

  Deprecated. Use :endpoint instead. The IP address for the endpoint.

• :port (Integer) — default: 80
• :http_open_timeout (Float) — default: 1
• :http_read_timeout (Float) — default: 1
• :delay (Numeric, Proc) —

  By default, failures are retried with exponential back-off, i.e. ‘sleep(1.2 ** num_failures)`. You can pass a number of seconds to sleep between failed attempts, or a Proc that accepts the number of failures.

• :http_debug_output (IO) — default: nil —

  HTTP wire traces are sent to this object. You can specify something like $stdout.

• :token_ttl (Integer) —

  Time-to-Live in seconds for EC2 Metadata Token used for fetching Metadata Profile Credentials, defaults to 21600 seconds

• before_refresh (Callable) —

  Proc called before credentials are refreshed. ‘before_refresh` is called with an instance of this object when AWS credentials are required and need to be refreshed.

# File 'lib/aws-sdk-core/instance_profile_credentials.rb', line 77

def initialize(options = {})
  @retries = options[:retries] || 1
  endpoint_mode = resolve_endpoint_mode(options)
  @endpoint = resolve_endpoint(options, endpoint_mode)
  @port = options[:port] || 80
  @disable_imds_v1 = resolve_disable_v1(options)
  # Flag for if v2 flow fails, skip future attempts
  @imds_v1_fallback = false
  @http_open_timeout = options[:http_open_timeout] || 1
  @http_read_timeout = options[:http_read_timeout] || 1
  @http_debug_output = options[:http_debug_output]
  @backoff = backoff(options[:backoff])
  @token_ttl = options[:token_ttl] || 21_600
  @token = nil
  @no_refresh_until = nil
  @async_refresh = false
  super
end

Instance Attribute Details

#retries ⇒ Integer (readonly)

Returns Number of times to retry when retrieving credentials from the instance metadata service. Defaults to 0 when resolving from the default credential chain (CredentialProviderChain).

Returns:

• (Integer) —

  Number of times to retry when retrieving credentials from the instance metadata service. Defaults to 0 when resolving from the default credential chain (CredentialProviderChain).

# File 'lib/aws-sdk-core/instance_profile_credentials.rb', line 99

def retries
  @retries
end