You are viewing documentation for version 1 of the AWS SDK for Ruby.

Class: AWS::STS::Client

Inherits:
Core::QueryClient
Defined in:
lib/aws/sts/client.rb

Overview

Client class for AWS Security Token Service (STS).

Direct Known Subclasses

V20110615

Defined Under Namespace

Classes: V20110615

Constant Summary

API_VERSION = '2011-06-15'
REGION_US_E1 = 'sts.amazonaws.com'

Instance Attribute Summary

Attributes inherited from Core::Client

#config

Instance Method Summary

Methods inherited from Core::Client

#log_warning, #operations, #with_http_handler, #with_options

Constructor Details

#initialize(*args) ⇒ Client

Returns a new instance of Client. Raises ArgumentError if the :use_ssl option is set to false, because STS requires SSL.



# File 'lib/aws/sts/client.rb', line 29

def initialize *args
  super
  unless config.use_ssl?
    msg = 'AWS Security Token Service (STS) requires ssl but the ' +
      ':use_ssl option is set to false.  Try passing :use_ssl => true'
    raise ArgumentError, msg
  end
end

Instance Method Details

#assume_role(options = {}) ⇒ Core::Response

Calls the AssumeRole API operation.

Parameters:

  • options (Hash) (defaults to: {})
    • :role_arn - required - (String)
    • :role_session_name - required - (String)
    • :policy - (String)
    • :duration_seconds - (Integer)
    • :external_id - (String)
    • :serial_number - (String)
    • :token_code - (String)

Returns:

  • (Core::Response)

    The #data method of the response object returns a hash with the following structure:

    • :credentials - (Hash)
      • :access_key_id - (String)
      • :secret_access_key - (String)
      • :session_token - (String)
      • :expiration - (Time)
    • :assumed_role_user - (Hash)
      • :assumed_role_id - (String)
      • :arn - (String)
    • :packed_policy_size - (Integer)

#assume_role_with_saml(options = {}) ⇒ Core::Response

Calls the AssumeRoleWithSAML API operation.

Parameters:

  • options (Hash) (defaults to: {})
    • :role_arn - required - (String)
    • :principal_arn - required - (String)
    • :saml_assertion - required - (String)
    • :policy - (String)
    • :duration_seconds - (Integer)

Returns:

  • (Core::Response)

    The #data method of the response object returns a hash with the following structure:

    • :credentials - (Hash)
      • :access_key_id - (String)
      • :secret_access_key - (String)
      • :session_token - (String)
      • :expiration - (Time)
    • :assumed_role_user - (Hash)
      • :assumed_role_id - (String)
      • :arn - (String)
    • :packed_policy_size - (Integer)
    • :subject - (String)
    • :subject_type - (String)
    • :issuer - (String)
    • :audience - (String)
    • :name_qualifier - (String)

#assume_role_with_web_identity(options = {}) ⇒ Core::Response

Calls the AssumeRoleWithWebIdentity API operation.

Parameters:

  • options (Hash) (defaults to: {})
    • :role_arn - required - (String)
    • :role_session_name - required - (String)
    • :web_identity_token - required - (String)
    • :provider_id - (String)
    • :policy - (String)
    • :duration_seconds - (Integer)

Returns:

  • (Core::Response)

    The #data method of the response object returns a hash with the following structure:

    • :credentials - (Hash)
      • :access_key_id - (String)
      • :secret_access_key - (String)
      • :session_token - (String)
      • :expiration - (Time)
    • :subject_from_web_identity_token - (String)
    • :assumed_role_user - (Hash)
      • :assumed_role_id - (String)
      • :arn - (String)
    • :packed_policy_size - (Integer)
    • :provider - (String)
    • :audience - (String)

#decode_authorization_message(options = {}) ⇒ Core::Response

Calls the DecodeAuthorizationMessage API operation.

Parameters:

  • options (Hash) (defaults to: {})
    • :encoded_message - required - (String)

Returns:

  • (Core::Response)

    The #data method of the response object returns a hash with the following structure:

    • :decoded_message - (String)

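#do_sign_request ⇒ Object

Alias for the inherited signing method. Two STS operations are sent unsigned: AssumeRoleWithWebIdentity and AssumeRoleWithSAML (see #sign_request).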



# File 'lib/aws/sts/client.rb', line 39

alias do_sign_request sign_request

#get_federation_token(options = {}) ⇒ Core::Response

Calls the GetFederationToken API operation.

Parameters:

  • options (Hash) (defaults to: {})
    • :name - required - (String)
    • :policy - (String)
    • :duration_seconds - (Integer)

Returns:

  • (Core::Response)

    The #data method of the response object returns a hash with the following structure:

    • :credentials - (Hash)
      • :access_key_id - (String)
      • :secret_access_key - (String)
      • :session_token - (String)
      • :expiration - (Time)
    • :federated_user - (Hash)
      • :federated_user_id - (String)
      • :arn - (String)
    • :packed_policy_size - (Integer)

#get_session_token(options = {}) ⇒ Core::Response

Calls the GetSessionToken API operation.

Parameters:

  • options (Hash) (defaults to: {})
    • :duration_seconds - (Integer)
    • :serial_number - (String)
    • :token_code - (String)

Returns:

  • (Core::Response)

    The #data method of the response object returns a hash with the following structure:

    • :credentials - (Hash)
      • :access_key_id - (String)
      • :secret_access_key - (String)
      • :session_token - (String)
      • :expiration - (Time)

#sign_request(req) ⇒ Object



# File 'lib/aws/sts/client.rb', line 40

def sign_request(req)
  action = req.params.find { |param| param.name == 'Action' }.value
  unsigned = %w( AssumeRoleWithWebIdentity AssumeRoleWithSAML )
  do_sign_request(req) unless unsigned.include?(action)
  req
end
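
Added example, not SDK code: the alias-then-override pattern behind #do_sign_request and #sign_request, run against stand-in Param, Request and BaseClient classes that are assumptions of this example. It reports which of the operations documented on this page leave the client without a signature; those two are authenticated by the SAML assertion or web identity token rather than by AWS credentials.

```ruby
# Stand-in types (hypothetical, constructed for this example only).
Param = Struct.new(:name, :value)

class Request
  attr_reader :params, :headers

  def initialize(action)
    @params = [Param.new('Action', action)]
    @headers = {}
  end
end

class BaseClient
  # Stand-in for the inherited signer: marks the request as signed.
  def sign_request(req)
    req.headers['Authorization'] = 'CONSTRUCTED-SIGNATURE'
    req
  end
end

class STSClient < BaseClient
  # The alias is resolved here, before the override below is defined, so
  # do_sign_request keeps pointing at BaseClient#sign_request.
  alias do_sign_request sign_request

  UNSIGNED = %w[AssumeRoleWithWebIdentity AssumeRoleWithSAML].freeze

  # Same decision as the page's sign_request: skip signing for two actions.
  def sign_request(req)
    action = req.params.find { |param| param.name == 'Action' }.value
    do_sign_request(req) unless UNSIGNED.include?(action)
    req
  end
end

# True when the client attaches a signature for the given action.
def signed?(action)
  req = STSClient.new.sign_request(Request.new(action))
  req.headers.key?('Authorization')
end

# Maps every operation documented on this page to whether it is signed.
def signing_matrix
  %w[AssumeRole AssumeRoleWithSAML AssumeRoleWithWebIdentity
     DecodeAuthorizationMessage GetFederationToken GetSessionToken]
    .map { |action| [action, signed?(action)] }.to_h
end
```

Because the two unsigned calls carry no AWS signature, the role's trust policy conditions on the identity provider are the only gate on who can obtain credentials through them.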