Amazon Simple Storage Service
Developer Guide (API Version 2006-03-01)

Making Requests Using IAM User Temporary Credentials - AWS SDK for Ruby

An IAM user or an AWS Account can request temporary security credentials (see Making Requests) using AWS SDK for Ruby and use them to access Amazon S3. These credentials expire after the session duration. By default, the session duration is one hour. If you use IAM user credentials, you can specify the duration, between 1 and 36 hours, when requesting the temporary security credentials.

Making Requests Using IAM User Temporary Security Credentials

1. Create an instance of the AWS Security Token Service client AWS::STS::Session by providing your credentials.

2. Start a session by calling the new_session method of the STS client that you created in the preceding step. You provide session information to this method using a GetSessionTokenRequest object.

   The method returns your temporary security credentials.

3. Use the temporary credentials in a new instance of the AWS::S3 class by passing in the temporary security credentials.

   You send the requests to Amazon S3 using this client. If you send requests using expired credentials, Amazon S3 returns an error.

The following Ruby code sample demonstrates the preceding tasks.

```ruby
# Start a session.
# In real applications, the following code is part of your trusted code. It has
# your security credentials that you use to obtain temporary security credentials.
sts = AWS::STS.new()
session = sts.new_session()
puts "Session expires at: #{session.expires_at.to_s}"

# Get an instance of the S3 interface using the session credentials.
s3 = AWS::S3.new(session.credentials)

# Get a list of all object keys in a bucket.
bucket = s3.buckets[bucket_name].objects.collect(&:key)
```

Example

Note

If you obtain temporary security credentials using your AWS account security credentials, the temporary security credentials are valid for only one hour. You can specify session duration only if you use IAM user credentials to request a session.

The following Ruby code example lists the object keys in the specified bucket. For illustration, the code example obtains temporary security credentials for a default one hour session and uses them to send an authenticated request to Amazon S3.

If you want to test the sample using IAM user credentials, you will need to create an IAM user under your AWS Account. For more information about how to create an IAM user, see Creating Your First IAM User and Administrators Group in the IAM User Guide.

```ruby
require 'rubygems'
require 'aws-sdk'

# In real applications, the following code is part of your trusted code. It has
# your security credentials you use to obtain temporary security credentials.

bucket_name = '*** Provide bucket name ***'

# Start a session.
sts = AWS::STS.new()
session = sts.new_session()
puts "Session expires at: #{session.expires_at.to_s}"

# get an instance of the S3 interface using the session credentials
s3 = AWS::S3.new(session.credentials)

# get a list of all object keys in a bucket
bucket = s3.buckets[bucket_name].objects.collect(&:key)
puts bucket
```
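Because requests sent with expired credentials fail, long-running code needs to track the session expiry itself. The following is an added example, not part of the original guide or the AWS SDK: a hypothetical `TemporaryCredentialCache` that validates the requested duration against the 1 to 36 hour IAM user range and requests a new session shortly before `expires_at`. The `issuer` callable, the 300-second skew, and the stub session and clock are assumptions made so the example runs offline.

```ruby
# Added example: hypothetical helper, not part of the AWS SDK or the guide.
# Session is a stand-in for the object returned by sts.new_session.
Session = Struct.new(:credentials, :expires_at)

class TemporaryCredentialCache
  MIN_DURATION = 3600        # 1 hour, in seconds
  MAX_DURATION = 36 * 3600   # 36 hours, the IAM user maximum

  # issuer: callable taking a duration in seconds and returning an object
  # with #credentials and #expires_at, for example (assumed wiring):
  #   ->(d) { AWS::STS.new.new_session(:duration => d) }
  def initialize(issuer, duration: MIN_DURATION, skew: 300, clock: -> { Time.now })
    unless (MIN_DURATION..MAX_DURATION).cover?(duration)
      raise ArgumentError, "duration must be #{MIN_DURATION}..#{MAX_DURATION} seconds"
    end
    @issuer, @duration, @skew, @clock = issuer, duration, skew, clock
    @session = nil
  end

  # True when no session is held or it expires within the skew window.
  def stale?
    @session.nil? || @clock.call >= @session.expires_at - @skew
  end

  # Returns current credentials, requesting a new session only when needed.
  def credentials
    @session = @issuer.call(@duration) if stale?
    @session.credentials
  end
end

# Constructed stub issuer and clock so the example runs offline.
def demo
  now = Time.at(0)
  issued = 0
  issuer = lambda do |d|
    issued += 1
    Session.new({ :access_key_id => "EXAMPLE#{issued}" }, now + d)
  end
  cache = TemporaryCredentialCache.new(issuer, duration: 3600, clock: -> { now })
  first = cache.credentials[:access_key_id]
  now += 3000   # 600 s left: still outside the 300 s skew window
  second = cache.credentials[:access_key_id]
  now += 400    # 200 s left: inside the window, so a new session is requested
  third = cache.credentials[:access_key_id]
  [first, second, third, issued]
end

p demo if __FILE__ == $PROGRAM_NAME
```

When the session is obtained with AWS account credentials rather than IAM user credentials, keep the duration at the one-hour minimum, as the note above describes.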