Class: AWS.TemporaryCredentials

Inherits:
AWS.Credentials show all
Defined in:
lib/credentials/temporary_credentials.js

Overview

Note:

In order to create temporary credentials, you first need to have "master" credentials configured in AWS.Config.credentials. These master credentials are necessary to retrieve the temporary credentials, as well as refresh the credentials when they expire.

Represents temporary credentials retrieved from AWS.STS. Without any extra parameters, credentials will be fetched from the AWS.STS.getSessionToken() operation. If an IAM role is provided, the AWS.STS.assumeRole() operation will be used to fetch credentials for the role instead.

To setup temporary credentials, configure a set of master credentials using the standard credentials providers (environment, EC2 instance metadata, or from the filesystem), then set the global credentials to a new temporary credentials object:

// Note that environment credentials are loaded by default,
// the following line is shown for clarity:
AWS.config.credentials = new AWS.EnvironmentCredentials('AWS');

// Now set temporary credentials seeded from the master credentials
AWS.config.credentials = new AWS.TemporaryCredentials();

// subsequent requests will now use temporary credentials from AWS STS.
new AWS.S3().listBucket(function(err, data) { ... });

Constructor Summary collapse

Property Summary collapse

Properties inherited from AWS.Credentials

expired, expireTime, accessKeyId, secretAccessKey, sessionToken, expiryWindow

Method Summary collapse

Methods inherited from AWS.Credentials

needsRefresh, get, getPromise, refreshPromise

Constructor Details

new AWS.TemporaryCredentials(params, masterCredentials) ⇒ void

Note:

In order to create temporary credentials, you first need to have "master" credentials configured in AWS.Config.credentials. These master credentials are necessary to retrieve the temporary credentials, as well as refresh the credentials when they expire.

Creates a new temporary credentials object.

Examples:

Creating a new credentials object for generic temporary credentials

AWS.config.credentials = new AWS.TemporaryCredentials();

Creating a new credentials object for an IAM role

AWS.config.credentials = new AWS.TemporaryCredentials({
  RoleArn: 'arn:aws:iam::1234567890:role/TemporaryCredentials',
});

Parameters:

  • params (map)

    a map of options that are passed to the AWS.STS.assumeRole() or AWS.STS.getSessionToken() operations. If a RoleArn parameter is passed in, credentials will be based on the IAM role.

  • masterCredentials (AWS.Credentials)

    the master (non-temporary) credentials used to get and refresh temporary credentials from AWS STS.

See Also:

Property Details

masterCredentialsAWS.Credentials (readwrite)

Returns the master (non-temporary) credentials used to get and refresh temporary credentials from AWS STS.

Returns:

  • (AWS.Credentials)

    the master (non-temporary) credentials used to get and refresh temporary credentials from AWS STS.

Method Details

refresh(callback) ⇒ void

Refreshes credentials using AWS.STS.assumeRole() or AWS.STS.getSessionToken(), depending on whether an IAM role ARN was passed to the credentials constructor().

Callback (callback):

  • function(err) { ... }

    Called when the STS service responds (or fails). When this callback is called with no error, it means that the credentials information has been loaded into the object (as the accessKeyId, secretAccessKey, and sessionToken properties).

    Parameters:

    • err (Error)

      if an error occurred, this value will be filled

See Also:

  • AWS.TemporaryCredentials.get