class MSS::Core::CredentialProviders::AssumeRoleProvider

An auto-refreshing credential provider that works by assuming a role via {MSS::STS#assume_role}.

provider = MSS::Core::CredentialProviders::AssumeRoleProvider.new(
  sts: MSS::STS.new(access_key_id: 'AKID', secret_access_key: 'SECRET'),
  # assume role options:
  role_arn: "linked::account::arn",
  role_session_name: "session-name"
)

ec2 = MSS::EC2.new(credential_provider: provider)

If you omit the `:sts` option, a new {STS} service object will be constructed and it will use the default credential provider from {mss.config}.

Public Class Methods

new(options = {})

@option options [MSS::STS] :sts (STS.new) An instance of {MSS::STS}.

This is used to make the API call to assume role.

@option options [required, String] :role_arn
@option options [required, String] :role_session_name
@option options [String] :policy
@option options [Integer] :duration_seconds
@option options [String] :external_id

# File lib/mss/core/credential_providers.rb, line 591
def initialize(options = {})
  @options = options.dup
  @sts = @options.delete(:sts) || STS.new
end

Public Instance Methods

credentials()
# File lib/mss/core/credential_providers.rb, line 596
def credentials
  refresh if near_expiration?
  super
end

Private Instance Methods

get_credentials()
# File lib/mss/core/credential_providers.rb, line 607
def get_credentials
  role = @sts.assume_role(@options)
  @expiration = role[:credentials][:expiration]
  role[:credentials]
end

near_expiration?()
# File lib/mss/core/credential_providers.rb, line 603
def near_expiration?
  @expiration && @expiration.utc <= Time.now.utc + 5 * 60
end
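
The refresh behaviour documented above, as an added stand-alone Ruby example that is not the MSS project's own code: it swaps in a constructed `FakeSTS` for {MSS::STS} and an injectable clock to show how many assume-role calls the five-minute margin produces, and that `:sts` is stripped while `:external_id` and `:duration_seconds` are forwarded on every call. `FakeSTS`, `SketchProvider` and `refresh_demo` are hypothetical names, all credential values are constructed, and unlike the real provider this sketch requires `:sts` instead of defaulting to STS.new.

```ruby
# Added example, not MSS code: FakeSTS, SketchProvider and refresh_demo are hypothetical names.
class FakeSTS
  attr_reader :calls
  def initialize(clock)
    @clock, @calls = clock, []
  end

  def assume_role(options) # returns the hash shape get_credentials reads
    @calls << options
    { credentials: { access_key_id: "CONSTRUCTED-KEY-#{@calls.size}", session_token: "constructed-token",
                     expiration: @clock.call + options.fetch(:duration_seconds, 3600) } }
  end
end

class SketchProvider
  def initialize(options, clock)
    @options = options.dup
    @sts = @options.delete(:sts) # removed here, so never forwarded as an assume_role option
    @clock = clock
  end

  def credentials
    refresh if @cached.nil? || near_expiration?
    @cached
  end

  private
  def refresh
    @cached = @sts.assume_role(@options)[:credentials]
    @expiration = @cached[:expiration]
  end

  def near_expiration? # same five-minute margin as the method on this page
    @expiration && @expiration.utc <= @clock.call.utc + 5 * 60
  end
end

def refresh_demo
  now = Time.utc(2024, 1, 1, 12, 0, 0) # constructed start time
  clock = -> { now }
  sts = FakeSTS.new(clock)
  provider = SketchProvider.new({ sts: sts, role_arn: "linked::account::arn", role_session_name: "session-name",
                                  duration_seconds: 900, external_id: "constructed-external-id" }, clock)
  keys = [0, 9 * 60, 2 * 60].map do |step| # 15-minute credentials read at +0, +9 and +11 minutes
    now += step
    provider.credentials[:access_key_id]
  end
  [keys, sts.calls]
end
```

`refresh_demo` returns the key seen at each read plus the options passed to every assume-role call; only the read at +11 minutes falls inside the margin and triggers a second call.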