class Aws::AssumeRoleCredentials
to be refreshed and it is called with the AssumeRoleCredentials object.
‘before_refresh` is called when AWS credentials are required and need
that can be used to help manage refreshing tokens.
The AssumeRoleCredentials also provides a `before_refresh` callback
constructed.
If you omit `:client` option, a new {STS::Client} object will be
ec2 = Aws::EC2::Client.new(credentials: role_credentials)
)
role_session_name: “session-name”
role_arn: “linked::account::arn”,
client: Aws::STS::Client.new(…),
role_credentials = Aws::AssumeRoleCredentials.new(
a role via {Aws::STS::Client#assume_role}.
An auto-refreshing credential provider that works by assuming
def assume_role_options
- Api: - private
def assume_role_options @aro ||= begin input = STS::Client.api.operation(:assume_role).input Set.new(input.shape.member_names) end end
def initialize(options = {})
(**options)-
before_refresh(Callable) -- Proc called before -
:client(STS::Client) -- -
:external_id(String) -- -
:duration_seconds(Integer) -- -
:policy(String) -- -
:role_session_name(required, String) -- -
:role_arn(required, String) --
def initialize(options = {}) client_opts = {} @assume_role_params = {} options.each_pair do |key, value| if self.class.assume_role_options.include?(key) @assume_role_params[key] = value else client_opts[key] = value end end @client = client_opts[:client] || STS::Client.new(client_opts) super end
def refresh
def refresh c = @client.assume_role(@assume_role_params).credentials @credentials = Credentials.new( c.access_key_id, c.secret_access_key, c.session_token ) @expiration = c.expiration end