This credential provider tries to get credentials from the EC2 metadata service.
These are the errors we trap when attempting to talk to the instance metadata service. Any of these implies the service is not present, not responding, or has hit some other non-recoverable error.
@api private
@return [Time,nil]
@return [Object,nil]
@return [Float]
@return [Float]
@return [String] Defaults to '169.254.169.254'.
@return [Integer] Defaults to port 80.
@param [Hash] options
@option options [String] :ip_address ('169.254.169.254')
@option options [Integer] :port (80)
@option options [Float] :http_open_timeout (1)
@option options [Float] :http_read_timeout (1)
@option options [Object] :http_debug_output (nil) HTTP wire
  traces are sent to this object. You can specify something like $stdout.
# File lib/aws/core/credential_providers.rb, line 281
def initialize options = {}
  @ip_address = options[:ip_address] || '169.254.169.254'
  @port = options[:port] || 80
  @http_open_timeout = options[:http_open_timeout] || 1
  @http_read_timeout = options[:http_read_timeout] || 1
  @http_debug_output = options[:http_debug_output]
end
Refreshes the provider if the existing credentials will expire within 5 min.
@return [Hash] Returns a hash of credentials containing at least
  the `:access_key_id` and `:secret_access_key`. The hash may also contain a `:session_token`.
@raise [Errors::MissingCredentialsError] Raised when the
  `:access_key_id` or the `:secret_access_key` can not be found.
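# File lib/aws/core/credential_providers.rb, line 315
def credentials
  # Refresh when the expiration falls inside the next 5 minutes. Comparing
  # against `Time.now.utc - 5 * 60` would only refresh 5 minutes after expiry.
  if @credentials_expiration && @credentials_expiration.utc <= Time.now.utc + 5 * 60
    refresh
  end
  super
end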
Makes an HTTP GET request with the given path. If a non-200 response is received, then a {FailedRequestError} is raised.
@param [Net::HTTPSession] session
@param [String] path
@raise [FailedRequestError]
@return [String] Returns the HTTP response body.
# File lib/aws/core/credential_providers.rb, line 365
def get session, path
  response = session.request(Net::HTTP::Get.new(path))
  if response.code.to_i == 200
    response.body
  else
    raise FailedRequestError
  end
end
(see AWS::Core::CredentialProviders::Provider#get_credentials)
# File lib/aws/core/credential_providers.rb, line 325
def get_credentials
  begin

    http = Net::HTTP.new(ip_address, port)
    http.open_timeout = http_open_timeout
    http.read_timeout = http_read_timeout
    http.set_debug_output(http_debug_output) if http_debug_output
    http.start

    # get the first/default instance profile name
    path = '/latest/meta-data/iam/security-credentials/'
    profile_name = get(http, path).lines.map(&:strip).first

    # get the session details from the instance profile name
    path << profile_name
    session = JSON.parse(get(http, path))

    http.finish

    credentials = {}
    credentials[:access_key_id] = session['AccessKeyId']
    credentials[:secret_access_key] = session['SecretAccessKey']
    credentials[:session_token] = session['Token']
    @credentials_expiration = Time.parse(session['Expiration'])

    credentials

  rescue *FAILURES => e
    {}
  end
end
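
The two-step lookup in `get_credentials` and the 5-minute refresh window, as an added example that runs offline; it is not code from the aws-sdk gem. The names `fetch_instance_credentials`, `refresh_due?` and the `SAMPLE_*` constants are hypothetical, the responses are constructed, and the example goes beyond the method above by returning an empty hash when no profile is listed or the document is incomplete.

```ruby
require 'json'
require 'time'

# Added example: fetch_instance_credentials, refresh_due? and SAMPLE_* are
# hypothetical names, not part of the aws-sdk code base.
CREDS_PATH = '/latest/meta-data/iam/security-credentials/'
REFRESH_WINDOW = 5 * 60 # seconds, the window the page documents

# `fetch` is any callable taking a path and returning the response body;
# it stands in for the provider's `get(session, path)`.
def fetch_instance_credentials(fetch)
  profile_name = fetch.call(CREDS_PATH).to_s.lines.map(&:strip).reject(&:empty?).first
  return {} if profile_name.nil? # no instance profile attached

  session = JSON.parse(fetch.call(CREDS_PATH + profile_name))
  required = %w[AccessKeyId SecretAccessKey Expiration]
  return {} unless session.is_a?(Hash) && required.all? { |k| session[k].is_a?(String) }

  {
    access_key_id: session['AccessKeyId'],
    secret_access_key: session['SecretAccessKey'],
    session_token: session['Token'],
    expiration: Time.parse(session['Expiration']).utc
  }
rescue JSON::ParserError, ArgumentError
  {} # malformed document or unparseable timestamp
end

def refresh_due?(expiration, now = Time.now.utc, window = REFRESH_WINDOW)
  !expiration.nil? && expiration.utc <= now.utc + window
end

# Constructed sample responses (not real credentials).
SAMPLE_DOC = JSON.generate(
  'Code' => 'Success', 'AccessKeyId' => 'AKIDEXAMPLE',
  'SecretAccessKey' => 'constructed-secret', 'Token' => 'constructed-token',
  'Expiration' => '2030-01-01T12:00:00Z'
)
SAMPLE_RESPONSES = {
  CREDS_PATH => "example-role\n",
  CREDS_PATH + 'example-role' => SAMPLE_DOC
}.freeze

if __FILE__ == $PROGRAM_NAME
  creds = fetch_instance_credentials(->(path) { SAMPLE_RESPONSES.fetch(path) })
  puts creds[:access_key_id]
  puts refresh_due?(creds[:expiration], Time.utc(2030, 1, 1, 11, 56))
end
```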