class AWS::STS


ec2.instances.to_a
ec2 = AWS::EC2.new(session.credentials)
session = sts.new_federated_session(“TemporaryUser”, :policy => policy)
:resources => :any)
policy.allow(:actions => [“s3:*”, “ec2:*”],
policy = AWS::STS::Policy.new
@example Getting temporary credentials with restricted permissions
ec2.instances.to_a
ec2 = AWS::EC2.new(session.credentials)
session = AWS::STS.new.new_session(:duration => 60*60)
:secret_access_key => “LONG_TERM_SECRET”)
sts = AWS::STS.new(:access_key_id => “LONG_TERM_KEY”,
@example Getting temporary credentials and using them to make an EC2 request
IAM users.
credentials for users that you authenticate (federated users), or
that enables you to request temporary, limited-privilege
Token Service. The AWS Security Token Service is a web service
This class is a starting point for working with the AWS Security

def get_session(method, opts = {}) 

def get_session(method, opts = {})
  opts[:duration_seconds] = opts.delete(:duration) if
    opts[:duration]
  resp = client.send(method, opts)
  credentials = resp.credentials
  session_opts = {
    :credentials => {
      :access_key_id => credentials.access_key_id,
      :secret_access_key => credentials.secret_access_key,
      :session_token => credentials.session_token
    },
    :expires_at => credentials.expiration
  }
  yield(resp, session_opts)
end

def new_federated_session(name, opts = {})

Returns:
  • (FederatedSession) -

Options Hash: (**opts)
  • :policy (String, AWS::STS::Policy) -- A policy
  • :duration (Integer) -- The duration, in seconds, that

Parameters:
  • opts (Hash) -- Options for getting temporary credentials.
  • name (String) -- The name of the federated user associated 
def new_federated_session(name, opts = {})
  opts = opts.merge(:name => name)
  case
  when opts[:policy].kind_of?(String) || !opts[:policy]
    # leave it alone
  when opts[:policy].respond_to?(:to_json)
    opts[:policy] = opts[:policy].to_json
  end
  get_session(:get_federation_token, opts) do |resp, session_opts|
    session_opts.merge!(:user_id => resp.federated_user.federated_user_id,
                        :user_arn => resp.federated_user.arn,
                        :packed_policy_size => resp.packed_policy_size)
    FederatedSession.new(session_opts)
  end
end

def new_session(opts = {})

Returns:
  • (Session) -

Options Hash: (**opts)
  • :duration (Integer) -- The duration, in seconds, that

Parameters:
  • opts (Hash) -- Options for getting temporary credentials. 
def new_session(opts = {})
  get_session(:get_session_token, opts) do |resp, session_opts|
    Session.new(session_opts)
  end
end