class AWS::Core::CredentialProviders::EC2Provider

This credential provider tries to get credentials from the EC2 metadata service.

Constants

FAILURES

These are the errors we trap when attempting to talk to the instance metadata service. Any of these imply the service is not present, not responding, or some other non-recoverable error.

@api private

Attributes

credentials_expiration[RW]

@return [Time,nil]

http_debug_output[RW]

@return [Object,nil]

http_open_timeout[RW]

@return [Float]

http_read_timeout[RW]

@return [Float]

ip_address[RW]

@return [String] Defaults to '169.254.169.254'.

port[RW]

@return [Integer] Defaults to port 80.

retries[RW]

@return [Integer] Defaults to 0.

Public Class Methods

new(options = {})

@param [Hash] options
@option options [String] :ip_address ('169.254.169.254')
@option options [Integer] :port (80)
@option options [Integer] :retries (0) Number of times to retry retrieving credentials.
@option options [Float] :http_open_timeout (1)
@option options [Float] :http_read_timeout (1)
@option options [Object] :http_debug_output (nil) HTTP wire traces are sent to this object. You can specify something like $stdout.

# File lib/aws/core/credential_providers.rb, line 364
def initialize options = {}
  @ip_address = options[:ip_address] || '169.254.169.254'
  @port = options[:port] || 80
  @retries = options[:retries] || 0
  @http_open_timeout = options[:http_open_timeout] || 1
  @http_read_timeout = options[:http_read_timeout] || 1
  @http_debug_output = options[:http_debug_output]
end

Public Instance Methods

credentials()

Refreshes the provider if the existing credentials will expire within 15 min.

@return [Hash] Returns a hash of credentials containing at least the `:access_key_id` and `:secret_access_key`. The hash may also contain a `:session_token`.

@raise [Errors::MissingCredentialsError] Raised when the `:access_key_id` or the `:secret_access_key` can not be found.

# File lib/aws/core/credential_providers.rb, line 402
def credentials
  refresh if near_expiration?
  super
end

Protected Instance Methods

get(session, path)

Makes an HTTP GET request with the given path. If a non-200 response is received, then a {FailedRequestError} is raised.

@param [Net::HTTPSession] session
@param [String] path
@raise [FailedRequestError]
@return [String] Returns the HTTP response body.

# File lib/aws/core/credential_providers.rb, line 470
def get session, path
  response = session.request(Net::HTTP::Get.new(path))
  if response.code.to_i == 200
    response.body
  else
    raise FailedRequestError
  end
end

get_credentials()

(see Provider#get_credentials)

# File lib/aws/core/credential_providers.rb, line 420
def get_credentials
  retries_left = retries

  begin

    http = Net::HTTP.new(ip_address, port, nil)
    http.open_timeout = http_open_timeout
    http.read_timeout = http_read_timeout
    http.set_debug_output(http_debug_output) if
      http_debug_output
    http.start

    # get the first/default instance profile name
    path = '/latest/meta-data/iam/security-credentials/'
    profile_name = get(http, path).lines.map(&:strip).first

    # get the session details from the instance profile name
    path << profile_name
    session = JSON.parse(get(http, path))

    http.finish

    credentials = {}
    credentials[:access_key_id] = session['AccessKeyId']
    credentials[:secret_access_key] = session['SecretAccessKey']
    credentials[:session_token] = session['Token']
    @credentials_expiration = Time.parse(session['Expiration'])

    credentials

  rescue *FAILURES => e
    if retries_left > 0
      sleep_time = 2 ** (retries - retries_left)
      Kernel.sleep(sleep_time)

      retries_left -= 1
      retry
    else
      {}
    end
  end
end

near_expiration?()

# File lib/aws/core/credential_providers.rb, line 409
def near_expiration?
  if @credentials_expiration.nil?
    true
  elsif @credentials_expiration.utc <= (Time.now.utc + (15 * 60))
    true
  else
    false
  end
end
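
An added example (not code from the SDK) that replays the get_credentials control flow and the near_expiration? window against a constructed stub, so the default of 0 retries, the backoff delays and the 15-minute refresh boundary can be checked offline. StubMetadata, fetch, the role name and the sample document are assumptions; SystemCallError stands in for FAILURES, whose members this page does not list.

```ruby
require 'json'
require 'time'

REFRESH_WINDOW = 15 * 60 # seconds, the window near_expiration? uses
BASE_PATH = '/latest/meta-data/iam/security-credentials/'
# Constructed metadata document; the key material is placeholder text.
SAMPLE_DOC = JSON.generate(
  'AccessKeyId' => 'AKIDEXAMPLE', 'SecretAccessKey' => 'constructed-secret',
  'Token' => 'constructed-token', 'Expiration' => '2030-01-01T12:00:00Z'
)

# Hypothetical stand-in for the HTTP session: refuses `failures` requests,
# then answers the two paths the provider asks for.
class StubMetadata
  attr_reader :requests

  def initialize(failures)
    @failures = failures
    @requests = []
  end

  def get(path)
    @requests << path
    if @failures > 0
      @failures -= 1
      raise Errno::ECONNREFUSED
    end
    path == BASE_PATH ? "example-role\n" : SAMPLE_DOC
  end
end

# Same control flow as get_credentials, with the sleep injected so the
# backoff delays are recorded instead of waited for.
def fetch(stub, retries, sleeper)
  retries_left = retries
  begin
    profile = stub.get(BASE_PATH).lines.map(&:strip).first
    doc = JSON.parse(stub.get(BASE_PATH + profile))
    { access_key_id: doc['AccessKeyId'], secret_access_key: doc['SecretAccessKey'],
      session_token: doc['Token'], expiration: Time.parse(doc['Expiration']) }
  rescue SystemCallError # assumption: one error class in place of FAILURES
    return {} if retries_left.zero?
    sleeper.call(2**(retries - retries_left))
    retries_left -= 1
    retry
  end
end

def near_expiration?(expiration, now)
  expiration.nil? || expiration.utc <= now.utc + REFRESH_WINDOW
end
```

With the default `:retries` of 0, a single refused connection yields an empty hash, which is the case where `credentials` raises `MissingCredentialsError`.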