class AWS::Core::CredentialProviders::AssumeRoleProvider
An auto-refreshing credential provider that works by assuming a role via {AWS::STS#assume_role}.
provider = AWS::Core::CredentialProviders::AssumeRoleProvider.new( sts: AWS::STS.new(access_key_id:'AKID', secret_access_key:'SECRET'), # assume role options: role_arn: "linked::account::arn", role_session_name: "session-name" ) ec2 = AWS::EC2.new(credential_provider:provider)
If you omit the ‘:sts` option, a new {STS} service object will be constructed and it will use the default credential provider from {Aws.config}.
Public Class Methods
new(options = {})
click to toggle source
@option options [AWS::STS] :sts (STS.new
) An instance of {AWS::STS}.
This is used to make the API call to assume role.
@option options [required, String] :role_arn @option options [required, String] :role_session_name @option options [String] :policy @option options [Integer] :duration_seconds @option options [String] :external_id
# File lib/aws/core/credential_providers.rb, line 600 def initialize(options = {}) @options = options.dup @sts = @options.delete(:sts) || STS.new end
Public Instance Methods
credentials()
click to toggle source
Calls superclass method
AWS::Core::CredentialProviders::Provider#credentials
# File lib/aws/core/credential_providers.rb, line 605 def credentials refresh if near_expiration? super end
Private Instance Methods
get_credentials()
click to toggle source
# File lib/aws/core/credential_providers.rb, line 616 def get_credentials role = @sts.assume_role(@options) @expiration = role[:credentials][:expiration] role[:credentials] end
near_expiration?()
click to toggle source
# File lib/aws/core/credential_providers.rb, line 612 def near_expiration? @expiration && @expiration.utc <= Time.now.utc + 5 * 60 end