class Miasma::Contrib::Aws::Api::Sts
STS helper class
Constants
- API_SERVICE
Service name of the API
- API_VERSION
Supported version of the STS API
Public Instance Methods
assume_role(role_arn, args = {})
Assume new role
@param role_arn [String] IAM Role ARN
@param args [Hash]
@option args [String] :external_id
@option args [String] :session_name
@return [Hash]
# File lib/miasma-aws/api/sts.rb, line 51
# Assume an IAM role through the STS "AssumeRole" action.
#
# @param role_arn [String] IAM Role ARN
# @param args [Hash]
# @option args [String] :external_id sent as ExternalId only when provided
# @option args [String] :session_name defaults to a random UUID with the dashes removed
# @option args [Integer] :duration session lifetime in seconds, sent as DurationSeconds
#   only when provided (passed through unvalidated; STS applies its own bounds)
# @return [Hash] Smash with the temporary credentials, their expiry and the
#   assumed role's ARN and id
#
# NOTE: the returned hash holds a live secret access key and session token.
# Keep it out of logs, exception messages and persisted state.
def assume_role(role_arn, args = {})
  # RoleSessionName is what shows up in the assumed-role ARN; the random
  # default keeps sessions distinct but does not identify the caller, so
  # pass :session_name when attribution matters.
  session_name = args[:session_name] || SecureRandom.uuid.tr("-", "")

  req_params = Smash.new
  req_params["Action"] = "AssumeRole"
  req_params["RoleArn"] = role_arn
  req_params["RoleSessionName"] = session_name
  # Optional parameters are omitted entirely rather than sent empty.
  # A trust policy that requires an ExternalId will reject the call
  # when none is supplied here.
  req_params["ExternalId"] = args[:external_id] if args[:external_id]
  req_params["DurationSeconds"] = args[:duration] if args[:duration]

  response = request(path: "/", params: req_params)
  result = response.get(:body, "AssumeRoleResponse", "AssumeRoleResult")

  # Expiration arrives as a string and is parsed into a Time for callers.
  expires_at = Time.parse(result.get("Credentials", "Expiration"))

  Smash.new(
    aws_sts_token: result.get("Credentials", "SessionToken"),
    aws_sts_secret_access_key: result.get("Credentials", "SecretAccessKey"),
    aws_sts_access_key_id: result.get("Credentials", "AccessKeyId"),
    aws_sts_token_expires: expires_at,
    aws_sts_assumed_role_arn: result.get("AssumedRoleUser", "Arn"),
    aws_sts_assumed_role_id: result.get("AssumedRoleUser", "AssumedRoleId"),
  )
end
default_mfa_serial()
@return [String]
# File lib/miasma-aws/api/sts.rb, line 74
# Build the MFA device ARN used when the caller supplies no :mfa_serial.
#
# Looks up the current user through the Iam API, using this connection's
# access key, secret key and region, then derives the serial from the
# account id and username.
#
# @return [String] ARN of the form arn:aws:iam::ACCOUNT_ID:mfa/USERNAME
#
# NOTE(review): the ARN hard-codes the "aws" partition and assumes the MFA
# device is named after the user. Where either does not hold, pass
# :mfa_serial to mfa_session explicitly.
def default_mfa_serial
  credential_keys = [:aws_access_key_id, :aws_secret_access_key, :aws_region]
  # Copy only the three connection settings Iam needs, not every attribute.
  iam_args = Smash[credential_keys.map { |key| [key, attributes[key]] }]
  user_data = Iam.new(iam_args).user_info

  account_id = user_data[:account_id]
  username = user_data[:username]
  "arn:aws:iam::#{account_id}:mfa/#{username}"
end
mfa_session(token_code, args = {})
Generate MFA session credentials
@param token_code [String, Proc] Code from MFA device
@param args [Hash]
@option args [Integer] :duration life of session in seconds
@option args [String] :mfa_serial MFA device identification number
@return [Hash]
# File lib/miasma-aws/api/sts.rb, line 25
# Generate MFA session credentials through the STS "GetSessionToken" action.
#
# @param token_code [String, Proc] code from the MFA device, or a callable
#   that returns it (invoked once, while the request is being built)
# @param args [Hash]
# @option args [Integer] :duration life of session in seconds
# @option args [String] :mfa_serial MFA device identification number;
#   when nil or empty, default_mfa_serial is used instead
# @return [Hash] Smash with the session credentials and their expiry
#
# NOTE: the returned hash holds a live secret access key and session token.
# Keep it out of logs, exception messages and persisted state.
def mfa_session(token_code, args = {})
  req_params = Smash.new
  req_params["Action"] = "GetSessionToken"
  # A callable lets the caller defer prompting for the one-time code
  # until the request is actually being assembled.
  req_params["TokenCode"] =
    if token_code.respond_to?(:call)
      token_code.call
    else
      token_code
    end
  req_params["DurationSeconds"] = args[:duration] if args[:duration]

  # nil and "" both fall back to the derived serial (a second API lookup).
  explicit_serial = args[:mfa_serial]
  req_params["SerialNumber"] =
    explicit_serial.to_s.empty? ? default_mfa_serial : explicit_serial

  response = request(path: "/", params: req_params)
  credentials = response.get(
    :body, "GetSessionTokenResponse", "GetSessionTokenResult", "Credentials"
  )

  # Expiration arrives as a string and is parsed into a Time for callers.
  expires_at = Time.parse(credentials["Expiration"])

  Smash.new(
    aws_sts_session_token: credentials["SessionToken"],
    aws_sts_session_secret_access_key: credentials["SecretAccessKey"],
    aws_sts_session_access_key_id: credentials["AccessKeyId"],
    aws_sts_session_token_expires: expires_at,
  )
end