class AWS::Core::CredentialProviders::EC2Provider
This credential provider tries to get credentials from the EC2
metadata service.
Constants
- FAILURES
These are the errors we trap when attempting to talk to the instance metadata service. Any of these imply the service is not present, no responding or some other non-recoverable error. @private
Attributes
@return [Time,nil]
@return [Object,nil]
@return [Float]
@return [Float]
@return [String] Defaults to ‘169.254.169.254’.
@return [Integer] Defaults to port 80.
Public Class Methods
@param [Hash] options @option options [String] :ip_address (‘169.254.169.254’) @option options [Integer] :port (80) @option options [Float] :http_open_timeout (1) @option options [Float] :http_read_timeout (1) @option options [Object] :http_debug_output (nil) HTTP wire
traces are sent to this object. You can specify something like $stdout.
# File lib/aws/core/credential_providers.rb, line 236 def initialize options = {} @ip_address = options[:ip_address] || '169.254.169.254' @port = options[:port] || 80 @http_open_timeout = options[:http_open_timeout] || 1 @http_read_timeout = options[:http_read_timeout] || 1 @http_debug_output = options[:http_debug_output] end
Public Instance Methods
Refresh provider if existing credentials will be expired in 5 min @return [Hash] Returns a hash of credentials containg at least
the +:access_key_id+ and +:secret_access_key+. The hash may also contain a +:session_token+.
@raise [Errors::MissingCredentialsError] Raised when the
+:access_key_id+ or the +:secret_access_key+ can not be found.
AWS::Core::CredentialProviders::Provider#credentials
# File lib/aws/core/credential_providers.rb, line 270 def credentials if @credentials_expiration && @credentials_expiration.utc <= Time.now.utc - 5 * 60 refresh end super end
Protected Instance Methods
Makes an HTTP Get request with the given path. If a non-200 response is received, then a FailedRequestError
is raised. a {FailedRequestError} is raised. @param [Net::HTTPSession] session @param [String] path @raise [FailedRequestError] @return [String] Returns the http response body.
# File lib/aws/core/credential_providers.rb, line 320 def get session, path response = session.request(Net::HTTP::Get.new(path)) if response.code.to_i == 200 response.body else raise FailedRequestError end end
(see Provider#get_credentials
)
# File lib/aws/core/credential_providers.rb, line 280 def get_credentials begin http = Net::HTTP.new(ip_address, port) http.open_timeout = http_open_timeout http.read_timeout = http_read_timeout http.set_debug_output(http_debug_output) if http_debug_output http.start # get the first/default instance profile name path = '/latest/meta-data/iam/security-credentials/' profile_name = get(http, path).lines.map(&:strip).first # get the session details from the instance profile name path << profile_name session = JSON.parse(get(http, path)) http.finish credentials = {} credentials[:access_key_id] = session['AccessKeyId'] credentials[:secret_access_key] = session['SecretAccessKey'] credentials[:session_token] = session['Token'] @credentials_expiration = Time.parse(session['Expiration']) credentials rescue *FAILURES => e {} end end