class Google::Auth::ExternalAccount::AwsCredentials

def fetch_security_credentials

credentials environment variables or from the AWS metadata server.
Retrieves the AWS security credentials required for signing AWS requests from either the AWS security

def fetch_security_credentials
  env_aws_access_key_id = ENV[CredentialsLoader::AWS_ACCESS_KEY_ID_VAR]
  env_aws_secret_access_key = ENV[CredentialsLoader::AWS_SECRET_ACCESS_KEY_VAR]
  # This is normally not available for permanent credentials.
  env_aws_session_token = ENV[CredentialsLoader::AWS_SESSION_TOKEN_VAR]
  if env_aws_access_key_id && env_aws_secret_access_key
    return {
      access_key_id: env_aws_access_key_id,
      secret_access_key: env_aws_secret_access_key,
      session_token: env_aws_session_token
    }
  end
  role_name = fetch_metadata_role_name
  credentials = fetch_metadata_security_credentials role_name
  {
    access_key_id: credentials["AccessKeyId"],
    secret_access_key: credentials["SecretAccessKey"],
    session_token: credentials["Token"]
  }
end

Included Modules

Extended Modules

Google::Auth::CredentialsLoader

Modules

Classes

class Google::Auth::ExternalAccount::AwsCredentials

def fetch_security_credentials

Included Modules

Extended Modules

Instance Methods