class Aws::AssumeRoleWebIdentityCredentials

@see Aws::STS::Client#assume_role_with_web_identity
constructed with additional options that were provided.
If you omit the `:client` option, a new {Aws::STS::Client} object will be
ec2 = Aws::EC2::Client.new(credentials: role_credentials)
)

role_session_name: "session-name"
web_identity_token_file: "/path/to/token/file",
role_arn: "linked::account::arn",
client: Aws::STS::Client.new(...),
role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
{Aws::STS::Client#assume_role_with_web_identity}.
An auto-refreshing credential provider that assumes a role via

def _session_name

# Builds the fallback role session name used when the caller supplies none.
#
# The value is a freshly generated random UUID, Base64-encoded (strict
# variant, so no line breaks). Because it is random on every call, it says
# nothing about which workload assumed the role; pass an explicit
# :role_session_name when sessions need to be attributable.
#
# @return [String] Base64 (strict) encoding of a random UUID string
def _session_name
  uuid = SecureRandom.uuid
  Base64.strict_encode64(uuid)
end

def _token_from_file(path)

# Reads the web identity token from disk.
#
# The contents are returned exactly as stored (no stripping). The caller in
# this file sends them to STS as the web identity token, so treat the return
# value as a secret and keep it out of logs.
#
# The existence check and the read are two separate steps: a file that
# disappears or becomes unreadable in between still surfaces as whatever
# error File.read raises, not as MissingWebIdentityTokenFile.
#
# @param path [String, nil] location of the token file
# @return [String] raw file contents
# @raise [Aws::Errors::MissingWebIdentityTokenFile] when path is nil/false
#   or nothing exists at that path
def _token_from_file(path)
  token_file_found = path && File.exist?(path)
  raise Aws::Errors::MissingWebIdentityTokenFile.new unless token_file_found

  File.read(path)
end

def assume_role_web_identity_options

Other tags:
    Api: - private
# Names of the input members accepted by the STS
# assume_role_with_web_identity operation, as a Set.
#
# The set is computed from the STS client's API model on first use and then
# memoized in @arwio, so later calls return the same object.
#
# @api private
# @return [Set] member names of the operation's input shape
def assume_role_web_identity_options
  return @arwio if @arwio

  operation = Aws::STS::Client.api.operation(:assume_role_with_web_identity)
  @arwio = Set.new(operation.input.shape.member_names)
end

def initialize(options = {})

Options Hash: (**options)
  • before_refresh (Callable) -- Proc called before
  • :client (STS::Client) --
  • :role_session_name (String) -- the IAM session
  • :web_identity_token_file (required, String) --
  • :role_arn (required, String) -- the IAM role

Parameters:
  • options (Hash) --
# Splits the supplied options into STS request parameters and STS client
# options, then prepares the client used for refreshing.
#
# Note that :web_identity_token_file is removed from the hash the caller
# passed in (the hash is modified in place).
#
# @param options [Hash]
# @option options [String] :web_identity_token_file path of the file the
#   token is read from on each refresh
# @option options [String] :role_session_name session name; an encoded
#   random UUID is generated when it is absent
# @option options [STS::Client] :client client to use instead of building one
def initialize(options = {})
  # Pull the token path out first so it is not treated as a request
  # parameter or a client option below.
  @token_file = options.delete(:web_identity_token_file)
  @async_refresh = true
  @assume_role_web_identity_params = {}
  client_opts = {}

  options.each_pair do |name, setting|
    # Keys that are members of the STS operation input become request params.
    if self.class.assume_role_web_identity_options.include?(name)
      @assume_role_web_identity_params[name] = setting
      next
    end
    # Everything else is a client option unless explicitly excluded.
    client_opts[name] = setting unless CLIENT_EXCLUDE_OPTIONS.include?(name)
  end

  # not provided, generate encoded UUID as session name
  @assume_role_web_identity_params[:role_session_name] ||= _session_name

  # A caller-supplied client is used untouched; otherwise a new client is
  # built with credentials disabled (credentials: false).
  # NOTE(review): presumably because the call is authenticated by the web
  # identity token rather than by request signing; confirm.
  @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: false))
  super
end

def refresh

# Exchanges the current web identity token for temporary role credentials
# and stores them, together with their expiration, on this provider.
#
# NOTE(review): the token is written into @assume_role_web_identity_params
# and stays there between refreshes, so anything that dumps this object's
# instance variables also exposes the token.
def refresh
  # Re-read the token file on every refresh so a rotated token is picked up.
  @assume_role_web_identity_params[:web_identity_token] = _token_from_file(@token_file)

  response = @client.assume_role_with_web_identity(@assume_role_web_identity_params)
  sts_credentials = response.credentials

  @credentials = Credentials.new(
    sts_credentials.access_key_id,
    sts_credentials.secret_access_key,
    sts_credentials.session_token
  )
  @expiration = sts_credentials.expiration
end