Module: PWN::AWS::STS

Defined in:

lib/pwn/aws/sts.rb

Overview

This module provides a client for making API requests to AWS Security Token Service.

Constant Summary

@@logger =

PWN::Plugins::PWNLogger.create

Class Method Summary

• .authors ⇒ Object

  Author(s)

  0day Inc.

• .get_temp_credentials(opts = {}) ⇒ Object

  Supported Method Parameters

  PWN::AWS::STS.get_temp_credentials( region: ‘required - region name to connect (eu-west-1, ap-southeast-1, ap-southeast-2, eu-central-1, ap-northeast-2, ap-northeast-1, us-east-1, sa-east-1, us-west-1, us-west-2)’, role_arn: ‘required - role arn for instance profile to be used’, role_session_name: ‘required - the name of the instance profile role’, duration_seconds: ‘required - seconds in which sts credentials will expire’ ).

• .help ⇒ Object

  Display Usage for this Module.

Class Method Details

.authors ⇒ Object

Author(s)

0day Inc. <request.pentest@0dayinc.com>

# File 'lib/pwn/aws/sts.rb', line 41

public_class_method def self.authors
  "AUTHOR(S):
    0day Inc. <request.pentest@0dayinc.com>
  "
end

.get_temp_credentials(opts = {}) ⇒ Object

Supported Method Parameters

PWN::AWS::STS.get_temp_credentials(

region: 'required - region name to connect (eu-west-1, ap-southeast-1, ap-southeast-2, eu-central-1, ap-northeast-2, ap-northeast-1, us-east-1, sa-east-1, us-west-1, us-west-2)',
role_arn: 'required - role arn for instance profile to be used',
role_session_name: 'required - the name of the instance profile role',
duration_seconds: 'required - seconds in which sts credentials will expire'

)

# File 'lib/pwn/aws/sts.rb', line 19

public_class_method def self.get_temp_credentials(opts = {})
  region = opts[:region].to_s.scrub.chomp.strip
  role_arn = opts[:role_arn].to_s.scrub.chomp.strip
  role_session_name = opts[:role_session_name].to_s.scrub.chomp.strip
  duration_seconds = opts[:duration_seconds].to_i

  @@logger.info('Retrieving AWS STS Credentials...')
  sts_client = Aws::STS::Client.new(region: region)
  sts_session = sts_client.assume_role(
    role_arn: role_arn,
    role_session_name: role_session_name,
    duration_seconds: duration_seconds
  )
  @@logger.info("complete.\n")

  sts_session.credentials
rescue StandardError => e
  raise e
end

.help ⇒ Object

Display Usage for this Module

# File 'lib/pwn/aws/sts.rb', line 49

public_class_method def self.help
  puts "USAGE:
    credentials = #{self}.get_temp_credentials(
      region: 'required - region name to connect (eu-west-1, ap-southeast-1, ap-southeast-2, eu-central-1, ap-northeast-2, ap-northeast-1, us-east-1, sa-east-1, us-west-1, us-west-2)',
      role_arn: 'required - role arn for instance profile to be used',
      role_session_name: 'required - the name of the instance profile role',
      duration_seconds: 'required - seconds in which sts credentials will expire'
    )

    #{self}.authors
  "
end