Class: Fog::AWS::STS::Real
- Inherits: Object
  - Object
  - Fog::AWS::STS::Real
- Includes: CredentialFetcher::ConnectionMethods
- Defined in:
  lib/fog/aws/sts.rb,
  lib/fog/aws/requests/sts/assume_role.rb,
  lib/fog/aws/requests/sts/get_session_token.rb,
  lib/fog/aws/requests/sts/get_federation_token.rb
Instance Method Summary
- #assume_role(role_session_name, role_arn, external_id = nil, policy = nil, duration = 3600) ⇒ Object
  Assume Role.
- #get_federation_token(name, policy, duration = 43200) ⇒ Object
- #get_session_token(duration = 43200) ⇒ Object
- #initialize(options = {}) ⇒ Real (constructor)
  Initialize connection to STS.
- #reload ⇒ Object
Methods included from CredentialFetcher::ConnectionMethods
#refresh_credentials_if_expired
Constructor Details
#initialize(options = {}) ⇒ Real
Initialize connection to STS
Notes
options parameter must include values for :aws_access_key_id and :aws_secret_access_key in order to create a connection
Examples
    iam = STS.new(
      :aws_access_key_id => your_aws_access_key_id,
      :aws_secret_access_key => your_aws_secret_access_key
    )
Parameters
- options<~Hash> - config arguments for connection. Defaults to {}.
Returns
- STS object with connection to AWS.
    # File 'lib/fog/aws/sts.rb', line 74
    def initialize(options={})
      require 'fog/core/parser'

      @use_iam_profile = options[:use_iam_profile]
      setup_credentials(options)
      @connection_options = options[:connection_options] || {}
      @host       = options[:host]       || 'sts.amazonaws.com'
      @path       = options[:path]       || '/'
      @persistent = options[:persistent] || false
      @port       = options[:port]       || 443
      @scheme     = options[:scheme]     || 'https'
      @connection = Fog::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)
    end
Instance Method Details
#assume_role(role_session_name, role_arn, external_id = nil, policy = nil, duration = 3600) ⇒ Object
Assume Role
Parameters
- role_session_name<~String> - An identifier for the assumed role.
- role_arn<~String> - The ARN of the role the caller is assuming.
- external_id<~String> - An optional unique identifier required by the assuming role's trust identity.
- policy<~String> - An optional JSON policy document.
- duration<~Integer> - Duration (in seconds) for the assumed role credentials to be valid (default 3600).
Returns
- response<~Excon::Response>:
  - body<~Hash>:
    - 'Arn'<~String>: The ARN of the assumed role/user
    - 'AccessKeyId'<~String>: The AWS access key of the temporary credentials for the assumed role
    - 'SecretAccessKey'<~String>: The AWS secret key of the temporary credentials for the assumed role
    - 'SessionToken'<~String>: The AWS session token of the temporary credentials for the assumed role
    - 'Expiration'<~Time>: The expiration time of the temporary credentials for the assumed role
See Also
docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
    # File 'lib/fog/aws/requests/sts/assume_role.rb', line 30
    def assume_role(role_session_name, role_arn, external_id=nil, policy=nil, duration=3600)
      request({
        'Action'          => 'AssumeRole',
        'RoleSessionName' => role_session_name,
        'RoleArn'         => role_arn,
        'Policy'          => policy && Fog::JSON.encode(policy),
        'DurationSeconds' => duration,
        'ExternalId'      => external_id,
        :idempotent       => true,
        :parser           => Fog::Parsers::AWS::STS::AssumeRole.new
      })
    end
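An added example, not part of fog: a pre-flight check for the assume_role arguments documented above, using the limits from the AWS AssumeRole API reference, plus a check on the returned 'Expiration'. The helper names, the caller_account parameter, the rule that a cross-account role needs an external_id, and the sample values are assumptions made for this example.

```ruby
require 'json'

# Limits taken from the AWS STS AssumeRole API reference.
SESSION_NAME_RE  = /\A[\w+=,.@-]{2,64}\z/
EXTERNAL_ID_RE   = %r{\A[\w+=,.@:/-]{2,1224}\z}
ROLE_ARN_RE      = %r{\Aarn:aws[a-z-]*:iam::(\d{12}):role/[\w+=,.@/-]+\z}
DURATION_RANGE   = (900..43_200)
MAX_POLICY_CHARS = 2048

# Hypothetical helper (not a fog API): validates the inputs and returns them in
# assume_role's positional order, ready for sts.assume_role(*args).
def checked_assume_role_args(session_name:, role_arn:, caller_account:,
                             external_id: nil, policy: nil, duration: 3600)
  raise ArgumentError, 'bad role_session_name' unless SESSION_NAME_RE.match?(session_name.to_s)
  arn = ROLE_ARN_RE.match(role_arn.to_s)
  raise ArgumentError, 'bad role_arn' unless arn
  # Assumed local rule: a role in another account must come with an ExternalId.
  if arn[1] != caller_account && external_id.nil?
    raise ArgumentError, 'external_id required for cross-account role'
  end
  unless external_id.nil? || EXTERNAL_ID_RE.match?(external_id.to_s)
    raise ArgumentError, 'bad external_id'
  end
  unless duration.is_a?(Integer) && DURATION_RANGE.cover?(duration)
    raise ArgumentError, 'duration must be 900..43200 seconds'
  end
  unless policy.nil?
    # assume_role runs Fog::JSON.encode on the policy, so pass a Hash rather
    # than a pre-encoded JSON string (which would be encoded twice).
    raise ArgumentError, 'policy must be a Hash' unless policy.is_a?(Hash)
    # JSON.generate approximates the size of the encoded document.
    raise ArgumentError, 'policy too large' if JSON.generate(policy).length > MAX_POLICY_CHARS
  end
  [session_name, role_arn, external_id, policy, duration]
end

# Seconds until the temporary credentials in a response body expire.
def seconds_left(body, now = Time.now)
  (body.fetch('Expiration') - now).floor
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values: placeholder account IDs, role and external ID.
  p checked_assume_role_args(session_name: 'ci-deploy', caller_account: '444455556666',
                             role_arn: 'arn:aws:iam::111122223333:role/Deploy',
                             external_id: 'example-external-id', duration: 900)
  p seconds_left({ 'Expiration' => Time.at(1_000) }, Time.at(100)) # => 900
end
```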
#get_federation_token(name, policy, duration = 43200) ⇒ Object
    # File 'lib/fog/aws/requests/sts/get_federation_token.rb', line 8
    def get_federation_token(name, policy, duration=43200)
      request({
        'Action'          => 'GetFederationToken',
        'Name'            => name,
        'Policy'          => Fog::JSON.encode(policy),
        'DurationSeconds' => duration,
        :idempotent       => true,
        :parser           => Fog::Parsers::AWS::STS::GetSessionToken.new
      })
    end
#get_session_token(duration = 43200) ⇒ Object
    # File 'lib/fog/aws/requests/sts/get_session_token.rb', line 8
    def get_session_token(duration=43200)
      request({
        'Action'          => 'GetSessionToken',
        'DurationSeconds' => duration,
        :idempotent       => true,
        :parser           => Fog::Parsers::AWS::STS::GetSessionToken.new
      })
    end
#reload ⇒ Object
    # File 'lib/fog/aws/sts.rb', line 89
    def reload
      @connection.reset
    end