Class: Fog::AWS::STS::Real

Inherits:
Object
Includes:
CredentialFetcher::ConnectionMethods
Defined in:
lib/fog/aws/sts.rb,
lib/fog/aws/requests/sts/assume_role.rb,
lib/fog/aws/requests/sts/get_session_token.rb,
lib/fog/aws/requests/sts/get_federation_token.rb

Instance Method Summary

Methods included from CredentialFetcher::ConnectionMethods

#refresh_credentials_if_expired

Constructor Details

#initialize(options = {}) ⇒ Real

Initialize connection to STS

Notes

options parameter must include values for :aws_access_key_id and :aws_secret_access_key in order to create a connection

Examples

sts = STS.new(
 :aws_access_key_id => your_aws_access_key_id,
 :aws_secret_access_key => your_aws_secret_access_key
)

Parameters

  • options<~Hash> - config arguments for connection. Defaults to {}.

Returns

  • STS object with connection to AWS.



# File 'lib/fog/aws/sts.rb', line 74

def initialize(options={})
  require 'fog/core/parser'

  @use_iam_profile = options[:use_iam_profile]
  setup_credentials(options)
  @connection_options     = options[:connection_options] || {}

  @host       = options[:host]        || 'sts.amazonaws.com'
  @path       = options[:path]        || '/'
  @persistent = options[:persistent]  || false
  @port       = options[:port]        || 443
  @scheme     = options[:scheme]      || 'https'
  @connection = Fog::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)
end

Instance Method Details

#assume_role(role_session_name, role_arn, external_id = nil, policy = nil, duration = 3600) ⇒ Object

Assume Role

Parameters

  • role_session_name<~String> - An identifier for the assumed role.

  • role_arn<~String> - The ARN of the role the caller is assuming.

  • external_id<~String> - An optional unique identifier required by the assuming role’s trust identity.

  • policy<~String> - An optional JSON policy document

  • duration<~Integer> - Duration (in seconds) for the assumed role credentials to be valid (default 3600)

Returns

  • response<~Excon::Response>:

    • body<~Hash>:

      • ‘Arn’<~String>: The ARN of the assumed role/user

      • ‘AccessKeyId’<~String>: The AWS access key of the temporary credentials for the assumed role

      • ‘SecretAccessKey’<~String>: The AWS secret key of the temporary credentials for the assumed role

      • ‘SessionToken’<~String>: The AWS session token of the temporary credentials for the assumed role

      • ‘Expiration’<~Time>: The expiration time of the temporary credentials for the assumed role

See Also

docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html



# File 'lib/fog/aws/requests/sts/assume_role.rb', line 30

def assume_role(role_session_name, role_arn, external_id=nil, policy=nil, duration=3600)
  request({
    'Action'          => 'AssumeRole',
    'RoleSessionName' => role_session_name,
    'RoleArn'         => role_arn,
    'Policy'          => policy && Fog::JSON.encode(policy),
    'DurationSeconds' => duration,
    'ExternalId'      => external_id,
    :idempotent       => true,
    :parser           => Fog::Parsers::AWS::STS::AssumeRole.new
  })
end
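
An added example, not fog's own code: calling assume_role with an external ID, a scoped-down session policy and a short lifetime, then checking Expiration before use. `scoped_assume_role`, `usable?`, `FakeSTS` and every ARN, name and credential value are constructed for illustration; the policy is passed as a Hash because the source above JSON-encodes it.

```ruby
# Hypothetical helper, not part of fog. Bounds below are the AWS limits for
# AssumeRole: RoleSessionName 2-64 chars of [\w+=,.@-], DurationSeconds 900-43200.
SESSION_NAME_RE = /\A[\w+=,.@-]{2,64}\z/
DURATION_RANGE  = (900..43_200)

def scoped_assume_role(sts, role_arn:, session_name:, external_id:, bucket:, duration: 900)
  raise ArgumentError, 'invalid session name' unless session_name.match?(SESSION_NAME_RE)
  raise ArgumentError, 'duration out of range' unless DURATION_RANGE.cover?(duration)
  # This helper's own rule: never call a cross-account role without an external ID.
  raise ArgumentError, 'external_id required' if external_id.to_s.empty?

  # Session policy as a Hash; assume_role JSON-encodes it. The session gets the
  # intersection of this policy and the role's own permissions.
  policy = {
    'Version'   => '2012-10-17',
    'Statement' => [{ 'Effect'   => 'Allow',
                      'Action'   => ['s3:GetObject'],
                      'Resource' => ["arn:aws:s3:::#{bucket}/*"] }]
  }
  body = sts.assume_role(session_name, role_arn, external_id, policy, duration).body
  { aws_access_key_id:     body['AccessKeyId'],
    aws_secret_access_key: body['SecretAccessKey'],
    aws_session_token:     body['SessionToken'],
    expires_at:            body['Expiration'] }
end

# True while the temporary credentials have more than `skew` seconds left.
def usable?(creds, now: Time.now, skew: 60)
  creds[:expires_at] - skew > now
end

# Constructed stand-in for Fog::AWS::STS so the example runs offline.
class FakeSTS
  Response = Struct.new(:body)
  attr_reader :calls

  def initialize
    @calls = []
  end

  def assume_role(*args)
    @calls << args
    Response.new({ 'AccessKeyId' => 'ASIACONSTRUCTED', 'SecretAccessKey' => 'constructed-secret',
                   'SessionToken' => 'constructed-token', 'Expiration' => Time.now + args[4] })
  end
end
```

With a real connection, pass the Fog::AWS::STS object in place of `FakeSTS.new`.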

#get_federation_token(name, policy, duration = 43200) ⇒ Object

Get federation token

Parameters

  • name<~String>: The name of the federated user. Minimum length of 2. Maximum length of 32.

  • policy<~String>: Optional policy that specifies the permissions that are granted to the federated user. Minimum length of 1. Maximum length of 2048.

  • duration<~Integer>: Optional duration, in seconds, that the session should last.

Returns

  • response<~Excon::Response>:

    • body<~Hash>:

      • ‘SessionToken’<~String> -

      • ‘SecretAccessKey’<~String> -

      • ‘Expiration’<~String> -

      • ‘AccessKeyId’<~String> -

      • ‘Arn’<~String> -

      • ‘FederatedUserId’<~String> -

      • ‘PackedPolicySize’<~String> -

      • ‘RequestId’<~String> - Id of the request

See Also

docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html



# File 'lib/fog/aws/requests/sts/get_federation_token.rb', line 33

def get_federation_token(name, policy, duration=43200)
  request({
    'Action'          => 'GetFederationToken',
    'Name'            => name,
    'Policy'          => Fog::JSON.encode(policy),
    'DurationSeconds' => duration,
    :idempotent       => true,
    :parser           => Fog::Parsers::AWS::STS::GetSessionToken.new
  })
end

#get_session_token(duration = 43200) ⇒ Object



# File 'lib/fog/aws/requests/sts/get_session_token.rb', line 8

def get_session_token(duration=43200)
  request({
    'Action'          => 'GetSessionToken',
    'DurationSeconds' => duration,
    :idempotent       => true,
    :parser           => Fog::Parsers::AWS::STS::GetSessionToken.new
  })
end

#reload ⇒ Object



# File 'lib/fog/aws/sts.rb', line 89

def reload
  @connection.reset
end