Class: Aws::AssumeRoleCredentials

Inherits:
Object
Includes:
CredentialProvider
Defined in:
gems/aws-sdk-core/lib/aws-sdk-core/assume_role_credentials.rb

Overview

An auto-refreshing credential provider that assumes a role via STS::Client#assume_role.

role_credentials = Aws::AssumeRoleCredentials.new(
  client: Aws::STS::Client.new(...),
  role_arn: "linked::account::arn",
  role_session_name: "session-name"
)
ec2 = Aws::EC2::Client.new(credentials: role_credentials)

If you omit the :client option, a new STS::Client object will be constructed with the additional options that were provided.

Instance Attribute Summary

Attributes included from CredentialProvider

#credentials, #expiration

Instance Method Summary

Methods included from CredentialProvider

#set?

Constructor Details

#initialize(options = {}) ⇒ AssumeRoleCredentials

Returns a new instance of AssumeRoleCredentials.

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :role_arn (required, String)
  • :role_session_name (required, String)
  • :policy (String)
  • :duration_seconds (Integer)
  • :external_id (String)
  • :client (STS::Client)
  • :before_refresh (Callable)

    Proc called before credentials are refreshed. Useful for updating tokens. before_refresh is called when AWS credentials are required and need to be refreshed. Tokens can be refreshed using the following example:

    # update_token stands for the caller's own method that returns a fresh token code.
    before_refresh = Proc.new do |assume_role_credentials|
      assume_role_credentials.assume_role_params['token_code'] = update_token
    end


# File 'gems/aws-sdk-core/lib/aws-sdk-core/assume_role_credentials.rb', line 41

def initialize(options = {})
  client_opts = {}
  @assume_role_params = {}
  options.each_pair do |key, value|
    if self.class.assume_role_options.include?(key)
      @assume_role_params[key] = value
    elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
      client_opts[key] = value
    end
  end
  @client = client_opts[:client] || STS::Client.new(client_opts)
  @async_refresh = true
  super
end
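
As an added example (not part of the SDK documentation or the SDK's own code), the helper below builds the options hash for a narrowly scoped session using :policy, :duration_seconds and :external_id, and rejects values that would widen it. The helper names, the read-only S3 policy and the bucket check are assumptions for illustration; the length and pattern limits are those of the STS AssumeRole API.

```ruby
require 'json'

# Input limits of the STS AssumeRole API.
SESSION_NAME_RE  = /\A[\w+=,.@-]{2,64}\z/
EXTERNAL_ID_RE   = /\A[\w+=,.@:\/-]{2,1224}\z/
DURATION_RANGE   = (900..43_200)
MAX_POLICY_CHARS = 2048
# S3 bucket naming rule; rejects "*" and other characters that would widen the ARN.
BUCKET_RE = /\A[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]\z/

# Hypothetical helper: options for a short-lived, read-only session on one bucket.
def scoped_role_options(role_arn:, session_name:, bucket:, external_id: nil, duration: 900)
  raise ArgumentError, 'bad role_session_name' unless session_name.match?(SESSION_NAME_RE)
  raise ArgumentError, 'duration_seconds out of range' unless DURATION_RANGE.cover?(duration)
  raise ArgumentError, 'bad bucket name' unless bucket.match?(BUCKET_RE)
  raise ArgumentError, 'bad external_id' if external_id && !external_id.match?(EXTERNAL_ID_RE)

  # Session policy: the session's permissions are the intersection of this
  # document and the role's own policies, so it can only narrow access.
  policy = JSON.generate({
    'Version' => '2012-10-17',
    'Statement' => [{
      'Effect' => 'Allow',
      'Action' => ['s3:GetObject', 's3:ListBucket'],
      'Resource' => ["arn:aws:s3:::#{bucket}", "arn:aws:s3:::#{bucket}/*"]
    }]
  })
  raise ArgumentError, 'session policy too long' if policy.length > MAX_POLICY_CHARS

  opts = { role_arn: role_arn, role_session_name: session_name,
           policy: policy, duration_seconds: duration }
  opts[:external_id] = external_id if external_id
  opts
end

# Passes the options to the provider documented on this page. The SDK is
# loaded here so the helper above can be exercised without it.
def build_provider(options, client: nil)
  require 'aws-sdk-core'
  options = options.merge(client: client) if client
  Aws::AssumeRoleCredentials.new(options)
end
```

Passing `client: Aws::STS::Client.new(stub_responses: true)` to `build_provider` exercises the provider without a network call.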

Instance Attribute Details

#assume_role_params ⇒ Hash (readonly)

Returns:

  • (Hash)

# File 'gems/aws-sdk-core/lib/aws-sdk-core/assume_role_credentials.rb', line 60

def assume_role_params
  @assume_role_params
end

#client ⇒ STS::Client (readonly)

Returns:

  • (STS::Client)

# File 'gems/aws-sdk-core/lib/aws-sdk-core/assume_role_credentials.rb', line 57

def client
  @client
end