Class: Aws::SSOCredentials
- Inherits: Object
  - Object
    - Aws::SSOCredentials
- Includes: CredentialProvider
- Defined in: gems/aws-sdk-core/lib/aws-sdk-core/sso_credentials.rb
Overview
An auto-refreshing credential provider that assumes a role via Aws::SSO::Client#get_role_credentials using a cached access token. This class does NOT implement the SSO login token flow - tokens must be generated and refreshed separately by running aws login from the AWS CLI with the correct profile.

The SSOCredentials will auto-refresh the AWS credentials from SSO. In addition to AWS credentials expiring after a given amount of time, the access token generated and cached from aws login will also expire. Once this token expires, it will not be usable to refresh AWS credentials, and another token will be needed. The SDK does not manage refreshing of the token value, but this can be done by running aws login with the correct profile.
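
    require 'aws-sdk-ec2' # also loads aws-sdk-core, which defines Aws::SSOCredentials

    # You must first run aws sso login --profile your-sso-profile
    sso_credentials = Aws::SSOCredentials.new(
      sso_account_id: '123456789',
      sso_role_name: "role_name",
      sso_region: "us-east-1",
      sso_start_url: 'https://your-start-url.awsapps.com/start'
    )
    # Pass the provider to any service client; it refreshes the role credentials itself
    ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
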
If you omit the :client option, a new Aws::SSO::Client object will be constructed with additional options that were provided.
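
A pre-flight check for the token expiry described above, as an added example that is not part of the SDK or of this page's original code. It assumes the AWS CLI token cache layout (~/.aws/sso/cache/<SHA-1 hex of the start URL>.json with accessToken and expiresAt fields), which this page does not state; sso_token_path, sso_token_status and require_fresh_sso_token! are hypothetical helper names.

```ruby
require 'json'
require 'time'
require 'digest/sha1'

# Assumption (not stated on this page): the cached token file is named after
# the SHA-1 hex digest of sso_start_url and lives in ~/.aws/sso/cache.
def sso_token_path(start_url, cache_dir)
  File.join(cache_dir, "#{Digest::SHA1.hexdigest(start_url.encode('utf-8'))}.json")
end

# Hypothetical helper. Returns [status, expires_at]; status is one of
# :missing, :invalid, :expired, :expiring_soon or :valid.
# warn_within is in seconds; now is injectable so the check can be tested.
def sso_token_status(start_url,
                     cache_dir: File.join(Dir.home, '.aws', 'sso', 'cache'),
                     now: Time.now, warn_within: 300)
  path = sso_token_path(start_url, cache_dir)
  return [:missing, nil] unless File.file?(path)

  token = JSON.parse(File.read(path))
  # Assumed field names: "accessToken" and "expiresAt".
  unless token.is_a?(Hash) && token['accessToken'] && token['expiresAt']
    return [:invalid, nil]
  end

  expires_at = Time.parse(token['expiresAt'])
  return [:expired, expires_at] if expires_at <= now
  return [:expiring_soon, expires_at] if expires_at - now <= warn_within

  [:valid, expires_at]
rescue JSON::ParserError, ArgumentError
  # Unparseable JSON or an unparseable timestamp: treat the cache as unusable.
  [:invalid, nil]
end

# Hypothetical helper: fail fast with an actionable message before building
# the credential provider, instead of failing later during a refresh.
def require_fresh_sso_token!(start_url, **opts)
  status, expires_at = sso_token_status(start_url, **opts)
  return expires_at if %i[valid expiring_soon].include?(status)

  raise "SSO token is #{status}; log in again with the AWS CLI for this profile"
end
```

Calling require_fresh_sso_token! with the same sso_start_url before Aws::SSOCredentials.new lets a long-running job report an expired login up front. The helper never prints or returns the token value itself.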
Instance Attribute Summary
- #client ⇒ SSO::Client (readonly)
Attributes included from CredentialProvider
Instance Method Summary
- #initialize(options = {}) ⇒ SSOCredentials (constructor): A new instance of SSOCredentials.
Methods included from CredentialProvider
Constructor Details
#initialize(options = {}) ⇒ SSOCredentials
Returns a new instance of SSOCredentials.

    # File 'gems/aws-sdk-core/lib/aws-sdk-core/sso_credentials.rb', line 67

    def initialize(options = {})
      missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
      unless missing_keys.empty?
        raise ArgumentError, "Missing required keys: #{missing_keys}"
      end

      @sso_start_url = options.delete(:sso_start_url)
      @sso_region = options.delete(:sso_region)
      @sso_role_name = options.delete(:sso_role_name)
      @sso_account_id = options.delete(:sso_account_id)

      # validate we can read the token file
      read_cached_token

      client_opts = {}
      options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
      client_opts[:region] = @sso_region
      client_opts[:credentials] = nil
      @client = options[:client] || Aws::SSO::Client.new(client_opts)
      @async_refresh = true
      super
    end

Instance Attribute Details
#client ⇒ SSO::Client (readonly)

    # File 'gems/aws-sdk-core/lib/aws-sdk-core/sso_credentials.rb', line 94

    def client
      @client
    end