AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

AWS Credentials that automatically refresh by calling AssumeRole on the Amazon Security Token Service.

Inheritance Hierarchy


Namespace: Amazon.Runtime
Assembly: AWSSDK.Core.dll
Version: 3.x.y.z


public class AssumeRoleWithWebIdentityCredentials : RefreshingAWSCredentials

The AssumeRoleWithWebIdentityCredentials type exposes the following members


Public Method AssumeRoleWithWebIdentityCredentials(string, string, string)

Constructs an AssumeRoleWithWebIdentityCredentials object.

Public Method AssumeRoleWithWebIdentityCredentials(string, string, string, AssumeRoleWithWebIdentityCredentialsOptions)

Constructs an AssumeRoleWithWebIdentityCredentials object.


Public Property PreemptExpiryTime System.TimeSpan Inherited from Amazon.Runtime.RefreshingAWSCredentials.
Public Property RoleArn System.String

The Amazon Resource Name (ARN) of the role to assume.

Public Property RoleSessionName System.String

An identifier for the assumed role session.

Public Property WebIdentityTokenFile System.String

The absolute path to the file on disk containing an OIDC token



Asynchronous operations (methods ending with Async) in the table below are for .NET 4.5 or higher. For .NET 3.5 the SDK follows the standard naming convention of BeginMethodName and EndMethodName to indicate asynchronous operations - these method pairs are not shown in the table below.

Public Method ClearCredentials() Inherited from Amazon.Runtime.RefreshingAWSCredentials.
Public Method Dispose() Inherited from Amazon.Runtime.RefreshingAWSCredentials.
Public Method Static Method FromEnvironmentVariables()

Creates an instance of Amazon.Runtime.AssumeRoleWithWebIdentityCredentials from environment variables.

Public Method GetCredentials() Inherited from Amazon.Runtime.RefreshingAWSCredentials.
Public Method GetCredentialsAsync() Inherited from Amazon.Runtime.RefreshingAWSCredentials.


Field Static Field RoleArnEnvVariable System.String
Field Static Field RoleSessionNameEnvVariable System.String
Field Static Field WebIdentityTokenFileEnvVariable System.String

As established by STS, the regex used to validate the role session names is a string of 2-64 characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

Version Information

.NET Core App:
Supported in: 3.1

.NET Standard:
Supported in: 2.0

.NET Framework:
Supported in: 4.5, 4.0, 3.5