Class Fog::AWS::STS::Real
In: lib/fog/aws/sts.rb
lib/fog/aws/requests/sts/assume_role_with_saml.rb
lib/fog/aws/requests/sts/get_federation_token.rb
lib/fog/aws/requests/sts/assume_role_with_web_identity.rb
lib/fog/aws/requests/sts/get_session_token.rb
lib/fog/aws/requests/sts/assume_role.rb
Parent: Object

Methods

Included Modules

Fog::AWS::CredentialFetcher::ConnectionMethods

Public Class methods

Initialize connection to STS

Notes

options parameter must include values for :aws_access_key_id and :aws_secret_access_key in order to create a connection

Examples

  sts = STS.new(
    :aws_access_key_id => your_aws_access_key_id,
    :aws_secret_access_key => your_aws_secret_access_key
  )

Parameters

  • options<~Hash> - config arguments for connection. Defaults to {}.

Returns

  • STS object with connection to AWS.

Public Instance methods

Assume Role

Parameters

  • role_session_name<~String> - An identifier for the assumed role.
  • role_arn<~String> - The ARN of the role the caller is assuming.
  • external_id<~String> - An optional unique identifier required by the assuming role's trust identity.
  • policy<~String> - An optional JSON policy document
  • duration<~Integer> - Duration (in seconds) for the assumed role credentials to be valid (default 3600)

Returns

  • response<~Excon::Response>:
    • body<~Hash>:
      • ‘Arn’<~String>: The ARN of the assumed role/user
      • ‘AccessKeyId’<~String>: The AWS access key of the temporary credentials for the assumed role
      • ‘SecretAccessKey’<~String>: The AWS secret key of the temporary credentials for the assumed role
      • ‘SessionToken’<~String>: The AWS session token of the temporary credentials for the assumed role
      • ‘Expiration’<~Time>: The expiration time of the temporary credentials for the assumed role

See Also

docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

Assume Role with SAML

Parameters

  • role_arn<~String> - The ARN of the role the caller is assuming.
  • principal_arn<~String> - The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
  • saml_assertion<~String> - The base-64 encoded SAML authentication response provided by the IdP.
  • policy<~String> - An optional JSON policy document
  • duration<~Integer> - Duration (in seconds) for the assumed role credentials to be valid (default 3600)

Returns

  • response<~Excon::Response>:
    • body<~Hash>:
      • ‘Arn’<~String>: The ARN of the assumed role/user
      • ‘AccessKeyId’<~String>: The AWS access key of the temporary credentials for the assumed role
      • ‘SecretAccessKey’<~String>: The AWS secret key of the temporary credentials for the assumed role
      • ‘SessionToken’<~String>: The AWS session token of the temporary credentials for the assumed role
      • ‘Expiration’<~Time>: The expiration time of the temporary credentials for the assumed role

See Also

docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html

Get federation token

Parameters

  • name<~String>: The name of the federated user. Minimum length of 2. Maximum length of 32.
  • policy<~String>: Optional policy that specifies the permissions that are granted to the federated user. Minimum length of 1. Maximum length of 2048.
  • duration<~Integer>: Optional duration, in seconds, that the session should last.

Returns

  • response<~Excon::Response>:
    • body<~Hash>:
      • ‘SessionToken’<~String> -
      • ‘SecretAccessKey’<~String> -
      • ‘Expiration’<~String> -
      • ‘AccessKeyId’<~String> -
      • ‘Arn’<~String> -
      • ‘FederatedUserId’<~String> -
      • ‘PackedPolicySize’<~String> -
      • ‘RequestId’<~String> - Id of the request

See Also

docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html
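
The length limits listed for Get federation token and the response fields documented above can be checked around the call. This is an added example, not fog's own code: the helper names, the sample policy and the 60-second clock-skew allowance are assumptions, and it works on plain Strings and Hashes without calling fog.

```ruby
require 'json'
require 'time'

# Limits copied from the parameter list above.
NAME_LENGTH     = (2..32)
POLICY_LENGTH   = (1..2048)
CREDENTIAL_KEYS = %w[AccessKeyId SecretAccessKey SessionToken Expiration].freeze

# Constructed sample policy (the bucket name is made up).
SAMPLE_POLICY = JSON.generate({
  'Version'   => '2012-10-17',
  'Statement' => [{ 'Effect' => 'Allow', 'Action' => 's3:GetObject',
                    'Resource' => 'arn:aws:s3:::example-bucket/*' }]
})

# Hypothetical helper: problems with the arguments, empty when they fit the limits.
def federation_token_arg_errors(name, policy_json = nil, duration = nil)
  errors = []
  unless name.is_a?(String) && NAME_LENGTH.cover?(name.length)
    errors << 'name must be 2 to 32 characters'
  end
  if policy_json && !POLICY_LENGTH.cover?(policy_json.length)
    errors << 'policy must be 1 to 2048 characters'
  elsif policy_json
    begin
      JSON.parse(policy_json)
    rescue JSON::ParserError
      errors << 'policy is not valid JSON'
    end
  end
  unless duration.nil? || (duration.is_a?(Integer) && duration.positive?)
    errors << 'duration must be a positive number of seconds'
  end
  errors
end

# Hypothetical helper: problems with a response body Hash. 'Expiration' is
# documented as Time for the AssumeRole calls and String for GetFederationToken.
def credential_problems(body, requested_duration, now = Time.now, skew = 60)
  problems = CREDENTIAL_KEYS.reject { |k| body[k] }.map { |k| "missing #{k}" }
  expiry = body['Expiration']
  expiry = Time.parse(expiry) if expiry.is_a?(String)
  return problems unless expiry
  problems << 'credentials already expired' if expiry <= now
  problems << 'credentials outlive the requested duration' if expiry > now + requested_duration + skew
  problems
end
```

Rejecting credentials that outlive the requested duration catches a call that silently fell back to a longer default lifetime.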
