class Aws::InstanceProfileCredentials

def access_key_id

Returns:

(String, nil) -

def access_key_id
  refresh_if_stale
  @access_key_id
end

def backoff(failed_attempts)

def backoff(failed_attempts)
  Kernel.sleep(2 ** failed_attempts)
end

def expiration

Returns:

(Time, nil) -

def expiration
  refresh_if_stale
  @expiration
end

def get_credentials

def get_credentials
  failed_attempts = 0
  begin
    open_connection do |conn|
      path = '/latest/meta-data/iam/security-credentials/'
      profile_name = http_get(conn, path).lines.first.strip
      http_get(conn, path + profile_name)
    end
  rescue *FAILURES => e
    if failed_attempts < @retries
      backoff(failed_attempts)
      failed_attempts += 1
      retry
    else
      '{}'
    end
  end
end

def http_get(connection, path)

def http_get(connection, path)
  response = connection.request(Net::HTTP::Get.new(path))
  if response.code.to_i == 200
    response.body
  else
    raise Non200Response
  end
end

def initialize options = {}

Options Hash: (**options)

:http_debug_output (IO) -- HTTP wire
:http_read_timeout (Float) --
:http_open_timeout (Float) --
:port (Integer) --
:ip_address (String) --
:retries (Integer) -- Number of times to retry

Parameters:

options (Hash) --

def initialize options = {}
  @retries = options[:retries] || 0
  @ip_address = options[:ip_address] || '169.254.169.254'
  @port = options[:port] || 80
  @http_open_timeout = options[:http_open_timeout] || 1
  @http_read_timeout = options[:http_read_timeout] || 1
  @http_debug_output = options[:http_debug_output]
  @refresh_mutex = Mutex.new
  refresh!
end

def open_connection

def open_connection
  http = Net::HTTP.new(@ip_address, @port, nil)
  http.open_timeout = @http_open_timeout
  http.read_timeout = @http_read_timeout
  http.set_debug_output(@http_debug_output) if @http_debug_output
  http.start
  yield(http).tap { http.finish }
end

def refresh!

def refresh!
  @refresh_mutex.synchronize do
    credentials = MultiJson.load(get_credentials)
    @access_key_id = credentials['AccessKeyId']
    @secret_access_key = credentials['SecretAccessKey']
    @session_token = credentials['Token']
    if expires = credentials['Expiration']
      @expiration = Time.parse(expires)
    else
      @expiration = nil
    end
  end
end

def refresh_if_stale

5 minutes of expiration.
Refreshes instance metadata credentials if they are within

def refresh_if_stale
  refresh! if @expiration && @expiration.utc <= Time.now.utc + 5 * 60
end

def secret_access_key

Returns:

(String, nil) -

def secret_access_key
  refresh_if_stale
  @secret_access_key
end

def session_token

Returns:

(String, nil) -

def session_token
  refresh_if_stale
  @session_token
end

Modules

Classes

class Aws::InstanceProfileCredentials

def access_key_id

def backoff(failed_attempts)

def expiration

def get_credentials

def http_get(connection, path)

def initialize options = {}

def open_connection

def refresh!

def refresh_if_stale

def secret_access_key

def session_token

Namespace

Classes in this namespace

Parent class

Instance Methods

Defined in