Class: AWS::STS::Client

Inherits:

Core::Client

• Object
• Core::Client
• AWS::STS::Client

Extended by:

Core::QueryClient

Defined in:

lib/aws/sts/client.rb

Overview

Client class for AWS Security Token Service (STS).

Constant Summary

API_VERSION =

'2011-06-15'

REGION_US_E1 =

'sts.amazonaws.com'

Instance Attribute Summary

Attributes inherited from Core::Client

#config, #http_read_timeout

Instance Method Summary

• #get_federation_token(options = {}) ⇒ Core::Response

  Calls the GetFederationToken API operation.

• #get_session_token(options = {}) ⇒ Core::Response

  Calls the GetSessionToken API operation.

• #initialize(*args) ⇒ Client constructor

  A new instance of Client.

Methods inherited from Core::Client

#operations, #with_http_handler, #with_options

Constructor Details

#initialize(*args) ⇒ Client

Returns a new instance of Client.

# File 'lib/aws/sts/client.rb', line 29

def initialize *args
  super
  unless config.use_ssl?
    msg = 'AWS Security Token Service (STS) requires ssl but the ' + 
      ':use_ssl option is set to false.  Try passing :use_ssl => true'
    raise ArgumentError, msg
  end
end

Instance Method Details

#get_federation_token(options = {}) ⇒ Core::Response

Calls the GetFederationToken API operation.

Parameters:

• options (Hash) (defaults to: {}) —

  • :name - required - (String) The name of the federated user associated with the credentials. For information about limitations on user names, go to Limitations on IAM Entities in Using AWS Identity and Access Management.

  • :policy - (String) A policy specifying the permissions to associate with the credentials. The caller can delegate their own permissions by specifying a policy, and both policies will be checked when a service call is made. For more information about how permissions work in the context of temporary credentials, see Controlling Permissions in Temporary Credentials in Using AWS Identity and Access Management.

  • :duration_seconds - (Integer) The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from 3600s (one hour) to 129600s (36 hours), with 43200s (12 hours) as the default.

Returns:

• (Core::Response) —

  The #data method of the response object returns a hash with the following structure:

  • :credentials - (Hash)

    • :access_key_id - (String)

    • :secret_access_key - (String)

    • :session_token - (String)

    • :expiration - (Time)

  • :federated_user - (Hash)

    • :federated_user_id - (String)

    • :arn - (String)

  • :packed_policy_size - (Integer)

# File 'lib/aws/sts/client.rb', line 70

define_client_method :get_federation_token, 'GetFederationToken'

#get_session_token(options = {}) ⇒ Core::Response

Calls the GetSessionToken API operation.

Parameters:

• options (Hash) (defaults to: {}) —

  • :duration_seconds - (Integer) The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 3600s (one hour) to 129600s (36 hours), with 43200s (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600s (one hour).

  • :serial_number - (String) The identification number of the Multi-Factor Authentication (MFA) device for the user. If the user has an access policy requiring MFA to access resources, provide the value here. The number is in the Security Credentials tab of the user’s details pane in the IAM console. If the user has an active MFA device, the details pane displays a Multi-Factor Authentication Device value such as arn:aws:iam::123456789012:mfa/user for a virtual device or the device serial number for a hardware device.

  • :token_code - (String) The value provided by the MFA device. If the user has an access policy requiring an MFA code, provide the value here to get permission to resources as specified in the access policy. If MFA is required, and a code not provided while requesting a set of temporary security credentials, the user will receive an “access denied” response when requesting resources that require MFA. For more information, see Using Multi-Factor Authentication (MFA) Devices with AWS in Using IAM.

Returns:

• (Core::Response) —

  The #data method of the response object returns a hash with the following structure:

  • :credentials - (Hash)

    • :access_key_id - (String)

    • :secret_access_key - (String)

    • :session_token - (String)

    • :expiration - (Time)

# File 'lib/aws/sts/client.rb', line 104

define_client_method :get_session_token, 'GetSessionToken'