class AWS::STS


ec2.instances.to_a
ec2 = AWS::EC2.new(session.credentials)
session = sts.new_federated_session(“TemporaryUser”, :policy => policy)
:resources => :any)
policy.allow(:actions => [“s3:*”, “ec2:*”],
policy = AWS::STS::Policy.new
@example Getting temporary credentials with restricted permissions
ec2.instances.to_a
ec2 = AWS::EC2.new(session.credentials)
session = sts.new_session(:duration => 60*60)
:secret_access_key => “LONG_TERM_SECRET”)
sts = AWS::STS.new(:access_key_id => “LONG_TERM_KEY”,
@example Getting temporary credentials and using them to make an EC2 request
IAM users.
credentials for users that you authenticate (federated users), or
that enables you to request temporary, limited-privilege
Token Service. The AWS Security Token Service is a web service
This class is a starting point for working with the AWS Security

def get_session(method, opts = {}) 

def get_session(method, opts = {})
  opts[:duration_seconds] = opts.delete(:duration) if opts[:duration]
  resp = client.send(method, opts)
  credentials = resp[:credentials].dup
  session_opts = {
    :credentials => credentials,
    :expires_at => credentials.delete(:expiration),
  }
  yield(resp, session_opts)
end

def new_federated_session(name, opts = {})

Returns:
  • (FederatedSession) -

Options Hash: (**opts)
  • :policy (String, AWS::STS::Policy) -- A policy
  • :duration (Integer) -- The duration, in seconds, that

Parameters:
  • opts (Hash) -- Options for getting temporary credentials.
  • name (String) -- The name of the federated user associated 
def new_federated_session(name, opts = {})
  opts = opts.merge(:name => name)
  case
  when opts[:policy].kind_of?(String) || !opts[:policy]
    # leave it alone
  when opts[:policy].respond_to?(:to_json)
    opts[:policy] = opts[:policy].to_json
  end
  get_session(:get_federation_token, opts) do |resp, session_opts|
    session_opts.merge!(
      :user_id => resp[:federated_user][:federated_user_id],
      :user_arn => resp[:federated_user][:arn],
      :packed_policy_size => resp[:packed_policy_size]
    )
    FederatedSession.new(session_opts)
  end
end

def new_session(opts = {})

Returns:
  • (Session) -

Options Hash: (**opts)
  • :token_code (String) --
  • :serial_number (String) --
  • :duration (Integer) -- The duration, in seconds, that

Parameters:
  • opts (Hash) -- Options for getting temporary credentials. 
def new_session(opts = {})
  get_session(:get_session_token, opts) do |resp, session_opts|
    Session.new(session_opts)
  end
end