| Copyright | (c) 2013-2023 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | provisional |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | Safe-Inferred |
| Language | Haskell2010 |
Amazonka.Auth.STS
Description
Retrieve authentication credentials from Secure Token Service
Documentation
Assume a role using the sts:AssumeRole API.
This is a simplified interface suitable for most purposes, but if
you need the full functionality of the sts:AssumeRole API, you
will need to craft your own requests using amazonka-sts. If you
do this, remember to use fetchAuthInBackground so that your
application does not get stuck holding temporary credentials which
have expired.
Arguments
| :: MonadIO m | |
| => FilePath | Path to token file |
| -> Text | Role ARN |
| -> Maybe Text | Role Session Name |
| -> Env' withAuth | |
| -> m Env | |
https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
Obtain temporary credentials from sts:AssumeRoleWithWebIdentity.
The STS service provides an access key, secret key, session token, and expiration time. This function also spawns a refresh thread that periodically fetches fresh credentials before the current ones expire.
The implementation is modelled on the C++ SDK: https://github.com/aws/aws-sdk-cpp/blob/6d6dcdbfa377393306bf79585f61baea524ac124/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp#L33
fromWebIdentityEnv :: MonadIO m => Env' withAuth -> m Env
Obtain temporary credentials from
sts:AssumeRoleWithWebIdentity, sourcing arguments from standard
environment variables:
AWS_WEB_IDENTITY_TOKEN_FILE
AWS_ROLE_ARN
AWS_ROLE_SESSION_NAME (optional)
Throws MissingEnvError if a required environment variable is
empty or unset.
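
The following is an added example, not code from the amazonka project: it builds an Env with fromWebIdentityEnv and exits when the web identity variables are missing, instead of continuing with some other credential source. It assumes amazonka 2.0's Amazonka.newEnv and that AuthError (with its MissingEnvError constructor) is exported from Amazonka.Auth; requiredVars and missingRequired are hypothetical helpers.

```haskell
module Main (main) where

import qualified Amazonka
import Amazonka.Auth (AuthError (..)) -- assumed export location of AuthError
import Amazonka.Auth.STS (fromWebIdentityEnv)
import Control.Exception (try)
import Control.Monad (unless)
import System.Environment (getEnvironment)
import System.Exit (die)

-- | Variables the documentation lists as required.
-- AWS_ROLE_SESSION_NAME is optional and therefore not checked.
requiredVars :: [String]
requiredVars = ["AWS_WEB_IDENTITY_TOKEN_FILE", "AWS_ROLE_ARN"]

-- | Required variables that are unset or empty in the given environment.
-- Both cases count as missing, matching the documented MissingEnvError rule.
missingRequired :: [(String, String)] -> [String]
missingRequired env =
  [v | v <- requiredVars, maybe True null (lookup v env)]

main :: IO ()
main = do
  -- Preflight: name every missing variable in a single message.
  missing <- missingRequired <$> getEnvironment
  unless (null missing) $
    die ("web identity not configured, missing: " ++ unwords missing)

  -- newEnv passes an unauthenticated Env to the provider, which performs
  -- sts:AssumeRoleWithWebIdentity and starts the refresh thread.
  result <- try (Amazonka.newEnv fromWebIdentityEnv)
  case result of
    -- A variable changed between the preflight and the call; still fatal.
    Left err@(MissingEnvError _) ->
      die ("missing environment variable: " ++ show err)
    -- Any other AuthError is also fatal: no fallback provider is tried.
    Left err ->
      die ("credential retrieval failed: " ++ show err)
    Right _env ->
      putStrLn "temporary credentials loaded via web identity"
```

Only AuthError is caught here; other exceptions raised while contacting STS propagate to the caller unchanged.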