Class: Fog::AWS::STS::Real
- Inherits: Object
  - Object
  - Fog::AWS::STS::Real
- Includes: CredentialFetcher::ConnectionMethods
- Defined in:
  lib/fog/aws/sts.rb,
  lib/fog/aws/requests/sts/assume_role.rb,
  lib/fog/aws/requests/sts/get_session_token.rb,
  lib/fog/aws/requests/sts/get_federation_token.rb,
  lib/fog/aws/requests/sts/assume_role_with_saml.rb,
  lib/fog/aws/requests/sts/assume_role_with_web_identity.rb
Instance Method Summary
- #assume_role(role_session_name, role_arn, external_id = nil, policy = nil, duration = 3600) ⇒ Object
  Assume Role.
- #assume_role_with_saml(role_arn, principal_arn, saml_assertion, policy = nil, duration = 3600) ⇒ Object
  Assume Role with SAML.
- #assume_role_with_web_identity(role_arn, web_identity_token, role_session_name, options = {}) ⇒ Object
- #get_federation_token(name, policy, duration = 43200) ⇒ Object
  Get federation token.
- #get_session_token(duration = 43200) ⇒ Object
- #initialize(options = {}) ⇒ Real (constructor)
  Initialize connection to STS.
- #reload ⇒ Object
Methods included from CredentialFetcher::ConnectionMethods
- #refresh_credentials_if_expired
Constructor Details
#initialize(options = {}) ⇒ Real
Initialize connection to STS
Notes
The options parameter must include values for :aws_access_key_id and :aws_secret_access_key in order to create a connection.
Examples
iam = STS.new(
  :aws_access_key_id => your_aws_access_key_id,
  :aws_secret_access_key => your_aws_secret_access_key
)
Parameters
- options<~Hash> - config arguments for connection. Defaults to {}.
Returns
- STS object with connection to AWS.
# File 'lib/fog/aws/sts.rb', line 74
def initialize(options={})
  @use_iam_profile = options[:use_iam_profile]
  @region = options[:region] || 'us-east-1'
  setup_credentials(options)
  @instrumentor = options[:instrumentor]
  @instrumentor_name = options[:instrumentor_name] || 'fog.aws.sts'
  @connection_options = options[:connection_options] || {}
  @host = options[:host] || "sts.#{@region}.amazonaws.com"
  @path = options[:path] || '/'
  @persistent = options[:persistent] || false
  @port = options[:port] || 443
  @scheme = options[:scheme] || 'https'
  @connection = Fog::XML::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)
end
Instance Method Details
#assume_role(role_session_name, role_arn, external_id = nil, policy = nil, duration = 3600) ⇒ Object
Assume Role
Parameters
- role_session_name<~String> - An identifier for the assumed role.
- role_arn<~String> - The ARN of the role the caller is assuming.
- external_id<~String> - An optional unique identifier required by the assuming role's trust identity.
- policy<~String> - An optional JSON policy document
- duration<~Integer> - Duration (in seconds) for the assumed role credentials to be valid (default 3600)
Returns
- response<~Excon::Response>:
  - body<~Hash>:
    - 'Arn'<~String>: The ARN of the assumed role/user
    - 'AccessKeyId'<~String>: The AWS access key of the temporary credentials for the assumed role
    - 'SecretAccessKey'<~String>: The AWS secret key of the temporary credentials for the assumed role
    - 'SessionToken'<~String>: The AWS session token of the temporary credentials for the assumed role
    - 'Expiration'<~Time>: The expiration time of the temporary credentials for the assumed role
See Also
docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
# File 'lib/fog/aws/requests/sts/assume_role.rb', line 29
def assume_role(role_session_name, role_arn, external_id=nil, policy=nil, duration=3600)
  request({
    'Action' => 'AssumeRole',
    'RoleSessionName' => role_session_name,
    'RoleArn' => role_arn,
    'Policy' => policy && Fog::JSON.encode(policy),
    'DurationSeconds' => duration,
    'ExternalId' => external_id,
    :idempotent => true,
    :parser => Fog::Parsers::AWS::STS::AssumeRole.new
  })
end
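A wrapper around the assume_role call documented above that always sends an ExternalId, a scoped-down session policy and a short duration, then checks the returned Expiration before handing the credentials on. This is an added example, not fog-aws code: ScopedAssumeRole, FakeSTS, the ARNs and all credential values are constructed, and :aws_session_token is assumed to be the option name the downstream Fog connection takes for the session token.

```ruby
require 'time'

# Added example, not fog-aws code. ScopedAssumeRole is a hypothetical helper.
module ScopedAssumeRole
  DURATION_RANGE = (900..3600) # 900 s is the STS minimum; 3600 s is the page's default

  # sts: any object with the assume_role signature documented above.
  def self.call(sts, role_arn:, session_name:, external_id:, policy:, duration: 900, now: Time.now)
    raise ArgumentError, 'external_id must be set' if external_id.to_s.empty?
    # assume_role runs Fog::JSON.encode(policy), so a pre-serialized String
    # would be encoded twice; require the Hash form.
    raise ArgumentError, 'policy must be a Hash' unless policy.is_a?(Hash)
    raise ArgumentError, 'duration out of range' unless DURATION_RANGE.cover?(duration)

    body = sts.assume_role(session_name, role_arn, external_id, policy, duration).body
    expires = body['Expiration']
    expires = Time.parse(expires) if expires.is_a?(String)
    raise 'credentials already expired' unless expires > now

    { aws_access_key_id: body['AccessKeyId'],
      aws_secret_access_key: body['SecretAccessKey'],
      aws_session_token: body['SessionToken'], # assumed downstream option name
      expires_at: expires }
  end
end

# Constructed stand-in for Fog::AWS::STS so the example runs offline.
class FakeSTS
  Response = Struct.new(:body)
  attr_reader :last_args

  def assume_role(role_session_name, role_arn, external_id = nil, policy = nil, duration = 3600)
    @last_args = [role_session_name, role_arn, external_id, policy, duration]
    Response.new({ 'AccessKeyId' => 'ASIAEXAMPLEKEYID', 'SecretAccessKey' => 'constructed-secret',
                   'SessionToken' => 'constructed-token', 'Expiration' => Time.now + duration })
  end
end

READ_ONLY_POLICY = {
  'Version' => '2012-10-17',
  'Statement' => [{ 'Effect' => 'Allow', 'Action' => 's3:GetObject',
                    'Resource' => 'arn:aws:s3:::example-bucket/*' }]
}.freeze

def demo_credentials
  ScopedAssumeRole.call(FakeSTS.new, role_arn: 'arn:aws:iam::123456789012:role/example-audit',
                        session_name: 'audit-job', external_id: 'constructed-external-id',
                        policy: READ_ONLY_POLICY)
end
```

Against a real connection, pass the Fog::AWS::STS object in place of FakeSTS; the positional argument order is the one in the signature above.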
#assume_role_with_saml(role_arn, principal_arn, saml_assertion, policy = nil, duration = 3600) ⇒ Object
Assume Role with SAML
Parameters
- role_arn<~String> - The ARN of the role the caller is assuming.
- principal_arn<~String> - The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
- saml_assertion<~String> - The base-64 encoded SAML authentication response provided by the IdP.
- policy<~String> - An optional JSON policy document
- duration<~Integer> - Duration (in seconds) for the assumed role credentials to be valid (default 3600)
Returns
- response<~Excon::Response>:
  - body<~Hash>:
    - 'Arn'<~String>: The ARN of the assumed role/user
    - 'AccessKeyId'<~String>: The AWS access key of the temporary credentials for the assumed role
    - 'SecretAccessKey'<~String>: The AWS secret key of the temporary credentials for the assumed role
    - 'SessionToken'<~String>: The AWS session token of the temporary credentials for the assumed role
    - 'Expiration'<~Time>: The expiration time of the temporary credentials for the assumed role
See Also
docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
# File 'lib/fog/aws/requests/sts/assume_role_with_saml.rb', line 29
def assume_role_with_saml(role_arn, principal_arn, saml_assertion, policy=nil, duration=3600)
  request_unsigned({
    'Action' => 'AssumeRoleWithSAML',
    'RoleArn' => role_arn,
    'PrincipalArn' => principal_arn,
    'SAMLAssertion' => saml_assertion,
    'Policy' => policy && Fog::JSON.encode(policy),
    'DurationSeconds' => duration,
    :idempotent => true,
    :parser => Fog::Parsers::AWS::STS::AssumeRoleWithSAML.new
  })
end
#assume_role_with_web_identity(role_arn, web_identity_token, role_session_name, options = {}) ⇒ Object
# File 'lib/fog/aws/requests/sts/assume_role_with_web_identity.rb', line 7
def assume_role_with_web_identity(role_arn, web_identity_token, role_session_name, options={})
  request_unsigned(
    'Action' => 'AssumeRoleWithWebIdentity',
    'RoleArn' => role_arn,
    'RoleSessionName' => role_session_name,
    'WebIdentityToken' => web_identity_token,
    'DurationSeconds' => options[:duration] || 3600,
    :idempotent => true,
    :parser => Fog::Parsers::AWS::STS::AssumeRoleWithWebIdentity.new
  )
end
#get_federation_token(name, policy, duration = 43200) ⇒ Object
Get federation token
Parameters
- name<~String>: The name of the federated user. Minimum length of 2. Maximum length of 32.
- policy<~String>: Optional policy that specifies the permissions that are granted to the federated user. Minimum length of 1. Maximum length of 2048.
- duration<~Integer>: Optional duration, in seconds, that the session should last.
Returns
- response<~Excon::Response>:
  - body<~Hash>:
    - 'SessionToken'<~String> -
    - 'SecretAccessKey'<~String> -
    - 'Expiration'<~String> -
    - 'AccessKeyId'<~String> -
    - 'Arn'<~String> -
    - 'FederatedUserId'<~String> -
    - 'PackedPolicySize'<~String> -
    - 'RequestId'<~String> - Id of the request
See Also
docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html
# File 'lib/fog/aws/requests/sts/get_federation_token.rb', line 32
def get_federation_token(name, policy, duration=43200)
  request({
    'Action' => 'GetFederationToken',
    'Name' => name,
    'Policy' => Fog::JSON.encode(policy),
    'DurationSeconds' => duration,
    :idempotent => true,
    :parser => Fog::Parsers::AWS::STS::GetSessionToken.new
  })
end
#get_session_token(duration = 43200) ⇒ Object
# File 'lib/fog/aws/requests/sts/get_session_token.rb', line 7
def get_session_token(duration=43200)
  request({
    'Action' => 'GetSessionToken',
    'DurationSeconds' => duration,
    :idempotent => true,
    :parser => Fog::Parsers::AWS::STS::GetSessionToken.new
  })
end
#reload ⇒ Object
# File 'lib/fog/aws/sts.rb', line 91
def reload
  @connection.reset
end