class Aws::AssumeRoleCredentials

An auto-refreshing credential provider that works by assuming a role via {Aws::STS::Client#assume_role}.

role_credentials = Aws::AssumeRoleCredentials.new(
  client: Aws::STS::Client.new(...),
  role_arn: "linked::account::arn",
  role_session_name: "session-name"
)

ec2 = Aws::EC2::Client.new(credentials: role_credentials)

If you omit `:client` option, a new {STS::Client} object will be constructed.

Attributes

client[R]

@return [STS::Client]

Public Class Methods

new(options = {}) click to toggle source

@option options [required, String] :role_arn @option options [required, String] :role_session_name @option options [String] :policy @option options [Integer] :duration_seconds @option options [String] :external_id @option opitons [STS::Client] :client

Calls superclass method Aws::RefreshingCredentials.new
# File lib/aws-sdk-core/assume_role_credentials.rb, line 27
def initialize(options = {})
  @options = options.dup
  @client = @options.delete(:client) || STS::Client.new
  super
end

Private Instance Methods

refresh() click to toggle source
# File lib/aws-sdk-core/assume_role_credentials.rb, line 38
def refresh
  c = @client.assume_role(@options).credentials
  @credentials = Credentials.new(
    c.access_key_id,
    c.secret_access_key,
    c.session_token
  )
  @expiration = c.expiration
end