Documentation
Index
- Constants
- func GetAssumeRoleCreds(arn string, input *ResolveRoleChainInput, config *aws.Config) (creds credentials.Value, err error)
- func GetEC2RoleCreds() (credentials.Value, error)
- func NewBasicEC2RoleProvider() (*ec2rolecreds.EC2RoleProvider, error)
- func ResolveRoleChain(input *ResolveRoleChainInput) (accessKey string, secretAccessKey string, sessionToken string, err error)
- func SvcToBasicCreds(c *sts.Credentials) credentials.Value
- type ResolveRoleChainInput
- type ResolveRoleChainLog
Constants
const (
	// InstanceRoleChainAlias can be used at the head of a role chain to seed the walk
	// with credentials from the metadata service.
	InstanceRoleChainAlias = "instance"

	// EnvTempRoleChainAlias can be used at the head of a role chain to seed the walk
	// with temporary credentials from the environment.
	//
	// The keys match those of v1's aws/credentials/env_provider.go:
	//
	//   AWS_ACCESS_KEY_ID
	//   AWS_SECRET_ACCESS_KEY
	//   AWS_SESSION_TOKEN
	EnvTempRoleChainAlias = "env-triple"
)
Variables
This section is empty.
Functions
func GetAssumeRoleCreds
func GetAssumeRoleCreds(arn string, input *ResolveRoleChainInput, config *aws.Config) (creds credentials.Value, err error)
GetAssumeRoleCreds returns credentials using the given role.
func GetEC2RoleCreds
func GetEC2RoleCreds() (credentials.Value, error)
GetEC2RoleCreds returns credentials using the given role.
func NewBasicEC2RoleProvider
func NewBasicEC2RoleProvider() (*ec2rolecreds.EC2RoleProvider, error)
NewBasicEC2RoleProvider returns an EC2RoleProvider for a given role.
func ResolveRoleChain
func ResolveRoleChain(input *ResolveRoleChainInput) (accessKey string, secretAccessKey string, sessionToken string, err error)
ResolveRoleChain returns the final credentials triple after walking a list of roles. Each chain element is acquired using the results of the prior AssumeRole API call. initialCreds can be nil, e.g. when the first element of the chain is an instance profile that will seed the traversal.
func SvcToBasicCreds
func SvcToBasicCreds(c *sts.Credentials) credentials.Value
SvcToBasicCreds returns a basic credentials triple from the STS version.
Types
type ResolveRoleChainInput
type ResolveRoleChainInput struct {
	// Initial access key to seed the traversal's first STS-dependent step
	AccessKey string

	// Initial secret access key to seed the traversal's first STS-dependent step
	SecretAccessKey string

	// Initial session token to seed the traversal's first STS-dependent step
	SessionToken string

	// SessionName will be applied to AssumeRole
	SessionName string

	// Region uses the format "us-west-2"
	Region string

	// Chain contains the EC2 metadata URL subpaths and role ARNs
	//   meta-data/iam/security-credentials/someRole1
	//   arn:aws:iam::123456789:role/someRole2
	Chain []string

	// SerialNumber is an MFA device hardware serial number or virtual device ARN.
	SerialNumber string

	// TokenCode is a code from an MFA device.
	TokenCode string

	// DurationSeconds is the session lifetime (min 900).
	DurationSeconds int64
}
ResolveRoleChainInput describes the chain to traverse and initial credentials, if any.
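A pre-flight check for a ResolveRoleChainInput-shaped value, added here as an illustration and not part of this package. `chainInput` and `validateChain` are hypothetical names, the element rules are this example's reading of the constants and field comments above (treating aliases and metadata subpaths as head-only is an assumption), and the one-hour limit is the STS cap on role-chained sessions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// chainInput mirrors the ResolveRoleChainInput fields this check reads.
type chainInput struct {
	Chain                   []string
	SerialNumber, TokenCode string
	DurationSeconds         int64
}

// Loose, assumed shape of an IAM role ARN (any partition, any account digits).
var roleARN = regexp.MustCompile(`^arn:aws[a-z-]*:iam::\d+:role/.+$`)

// validateChain (hypothetical helper) lists every problem in the input so a
// bad chain is rejected before any credential request is made.
func validateChain(in chainInput) (problems []string) {
	if len(in.Chain) == 0 {
		return []string{"chain is empty"}
	}
	roles := 0
	for i, el := range in.Chain {
		seed := el == "instance" || el == "env-triple" || strings.HasPrefix(el, "meta-data/iam/security-credentials/")
		switch {
		case seed && i > 0: // assumption: credential sources are head-only
			problems = append(problems, fmt.Sprintf("chain[%d]: credential source %q after head", i, el))
		case !seed && !roleARN.MatchString(el):
			problems = append(problems, fmt.Sprintf("chain[%d]: %q is not a credential source or role ARN", i, el))
		case !seed:
			roles++
		}
	}
	if (in.SerialNumber == "") != (in.TokenCode == "") {
		problems = append(problems, "SerialNumber and TokenCode must be set together")
	}
	if d := in.DurationSeconds; d != 0 && d < 900 { // assumption: 0 means unset
		problems = append(problems, "DurationSeconds below the 900 second minimum")
	} else if roles > 1 && d > 3600 { // later AssumeRole calls are role-chained
		problems = append(problems, "DurationSeconds above one hour with chained roles")
	}
	return problems
}

func main() {
	fmt.Println(validateChain(chainInput{Chain: []string{"role/x", "instance"}, TokenCode: "123456"}))
}
```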
func (ResolveRoleChainInput) String
func (i ResolveRoleChainInput) String() string
type ResolveRoleChainLog
type ResolveRoleChainLog []string
ResolveRoleChainLog wraps a standard error and also includes more details about the traversal progress to help identify where it stopped.
func (ResolveRoleChainLog) String
func (r ResolveRoleChainLog) String() string
String implements the Stringer interface with a comma-separated list of completed resolution steps.