Delphi DLL
AWS Security Token Service (STS) AssumeRole
Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access. The returned secret access key and session token can be used by whoever holds them until they expire, so keep them out of logs, on-screen output, and shared files.
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, AuthAws, Rest, Xml;
...
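procedure TForm1.Button1Click(Sender: TObject);
// Calls AWS STS AssumeRole over TLS with a SigV4-signed GET request, parses the
// XML response, and saves it to a file for use by another Chilkat example.
//
// Only non-secret fields of the response (role ARN, expiration, request id) are
// written to Memo1. The SecretAccessKey and SessionToken are never echoed to the
// UI. All three Chilkat objects are released in a finally block so that the
// early Exit paths do not leak them.
var
  success: Boolean;
  rest: HCkRest;
  bTls: Boolean;
  port: Integer;
  bAutoReconnect: Boolean;
  authAws: HCkAuthAws;
  responseXml: PWideChar;
  xml: HCkXml;
  AssumeRoleResponse_xmlns: PWideChar;
  SourceIdentity: PWideChar;
  Arn: PWideChar;
  AssumedRoleId: PWideChar;
  AccessKeyId: PWideChar;
  SecretAccessKey: PWideChar;
  SessionToken: PWideChar;
  Expiration: PWideChar;
  PackedPolicySize: Integer;
  RequestId: PWideChar;
begin
  // This example requires the Chilkat API to have been previously unlocked.
  // See Global Unlock Sample for sample code.

  // Create every object up front so a single finally block can dispose them
  // on all exit paths.
  rest := CkRest_Create();
  authAws := CkAuthAws_Create();
  xml := CkXml_Create();
  try
    // Connect to the Amazon AWS REST server.
    // such as https://sts.us-west-2.amazonaws.com/
    // Keep TLS enabled: the signed request and the returned credentials
    // must not travel in clear text.
    bTls := True;
    port := 443;
    bAutoReconnect := True;
    success := CkRest_Connect(rest,'sts.us-west-2.amazonaws.com',port,bTls,bAutoReconnect);
    if not success then
    begin
      // Stop here instead of building a request on a connection that failed.
      Memo1.Lines.Add(CkRest__lastErrorText(rest));
      Exit;
    end;

    // Provide AWS credentials for the REST call.
    // 'AWS_ACCESS_KEY' / 'AWS_SECRET_KEY' are placeholders. Do not compile
    // long-term keys into the executable or commit them to source control;
    // load them at run time from a protected store.
    CkAuthAws_putAccessKey(authAws,'AWS_ACCESS_KEY');
    CkAuthAws_putSecretKey(authAws,'AWS_SECRET_KEY');
    // the region should match our URL above..
    // See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
    CkAuthAws_putRegion(authAws,'us-west-2');
    CkAuthAws_putServiceName(authAws,'sts');
    CkRest_SetAuthAws(rest,authAws);

    // Sample Request
    // https://sts.amazonaws.com/
    // ?Version=2011-06-15
    // &Action=AssumeRole
    // &RoleSessionName=testAR
    // &RoleArn=arn:aws:iam::123456789012:role/demo
    // &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
    // &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
    // &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
    // "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
    // &DurationSeconds=3600
    // &Tags.member.1.Key=Project
    // &Tags.member.1.Value=Pegasus
    // &Tags.member.2.Key=Team
    // &Tags.member.2.Value=Engineering
    // &Tags.member.3.Key=Cost-Center
    // &Tags.member.3.Value=12345
    // &TransitiveTagKeys.member.1=Project
    // &TransitiveTagKeys.member.2=Cost-Center
    // &ExternalId=123ABC
    // &SourceIdentity=Alice
    // &AUTHPARAMS
    CkRest_AddQueryParam(rest,'Version','2011-06-15');
    CkRest_AddQueryParam(rest,'Action','AssumeRole');
    // Request only as long a session as the task needs; the credentials
    // stay valid until they expire.
    CkRest_AddQueryParam(rest,'DurationSeconds','3600');
    CkRest_AddQueryParam(rest,'RoleSessionName','testAR');
    CkRest_AddQueryParam(rest,'RoleArn','arn:aws:iam::123456789012:role/demo');
    CkRest_AddQueryParam(rest,'PolicyArns.member.1.arn','arn:aws:iam::123456789012:policy/demopolicy1');
    CkRest_AddQueryParam(rest,'PolicyArns.member.2.arn','arn:aws:iam::123456789012:policy/demopolicy2');
    // The session policy can only narrow what the role already allows: the
    // session gets the intersection of the role's policies and this one.
    // "s3:*" on "*" is the sample value and narrows nothing for S3; in real
    // use, list the specific actions and resource ARNs the session needs.
    CkRest_AddQueryParam(rest,'Policy','{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}');
    CkRest_AddQueryParam(rest,'Tags.member.1.Key','Project');
    CkRest_AddQueryParam(rest,'Tags.member.1.Value','Pegasus');
    CkRest_AddQueryParam(rest,'Tags.member.2.Key','Team');
    CkRest_AddQueryParam(rest,'Tags.member.2.Value','Engineering');
    CkRest_AddQueryParam(rest,'Tags.member.3.Key','Cost-Center');
    CkRest_AddQueryParam(rest,'Tags.member.3.Value','12345');
    CkRest_AddQueryParam(rest,'TransitiveTagKeys.member.1','Project');
    CkRest_AddQueryParam(rest,'TransitiveTagKeys.member.2','Cost-Center');
    // ExternalId only has an effect when the role's trust policy requires it
    // (sts:ExternalId condition). It exists to address the confused-deputy
    // problem in third-party cross-account access; '123ABC' is a sample value.
    CkRest_AddQueryParam(rest,'ExternalId','123ABC');
    CkRest_AddQueryParam(rest,'SourceIdentity','Alice');

    responseXml := CkRest__fullRequestNoBody(rest,'GET','/');
    if (CkRest_getLastMethodSuccess(rest) <> True) then
    begin
      Memo1.Lines.Add(CkRest__lastErrorText(rest));
      Exit;
    end;

    // A successful response will have a status code equal to 200.
    if (CkRest_getResponseStatusCode(rest) <> 200) then
    begin
      Memo1.Lines.Add('response status code = ' + IntToStr(CkRest_getResponseStatusCode(rest)));
      Memo1.Lines.Add('response status text = ' + CkRest__responseStatusText(rest));
      Memo1.Lines.Add('response header: ' + CkRest__responseHeader(rest));
      Memo1.Lines.Add('response body: ' + responseXml);
      Exit;
    end;

    // Examine the successful XML response (shown below).
    // The full document is deliberately NOT written to Memo1: it contains the
    // SecretAccessKey and SessionToken, which must not end up on screen.
    success := CkXml_LoadXml(xml,responseXml);
    if not success then
    begin
      Memo1.Lines.Add('Failed to parse the STS response as XML.');
      Exit;
    end;

    // Sample response:
    // <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
    // <AssumeRoleResult>
    // <SourceIdentity>Alice</SourceIdentity>
    // <AssumedRoleUser>
    // <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
    // <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
    // </AssumedRoleUser>
    // <Credentials>
    // <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
    // <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
    // <SessionToken>
    // AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
    // LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
    // QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
    // 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
    // +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
    // </SessionToken>
    // <Expiration>2019-11-09T13:34:41Z</Expiration>
    // </Credentials>
    // <PackedPolicySize>6</PackedPolicySize>
    // </AssumeRoleResult>
    // <ResponseMetadata>
    // <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
    // </ResponseMetadata>
    // </AssumeRoleResponse>

    // Sample parse code:
    AssumeRoleResponse_xmlns := CkXml__getAttrValue(xml,'xmlns');
    SourceIdentity := CkXml__getChildContent(xml,'AssumeRoleResult|SourceIdentity');
    Arn := CkXml__getChildContent(xml,'AssumeRoleResult|AssumedRoleUser|Arn');
    // Each non-secret value is shown right after it is fetched.
    Memo1.Lines.Add('Assumed role ARN: ' + Arn);
    AssumedRoleId := CkXml__getChildContent(xml,'AssumeRoleResult|AssumedRoleUser|AssumedRoleId');
    AccessKeyId := CkXml__getChildContent(xml,'AssumeRoleResult|Credentials|AccessKeyId');
    // SecretAccessKey and SessionToken are secrets: do not log or display them.
    SecretAccessKey := CkXml__getChildContent(xml,'AssumeRoleResult|Credentials|SecretAccessKey');
    SessionToken := CkXml__getChildContent(xml,'AssumeRoleResult|Credentials|SessionToken');
    Expiration := CkXml__getChildContent(xml,'AssumeRoleResult|Credentials|Expiration');
    Memo1.Lines.Add('Credentials expire: ' + Expiration);
    PackedPolicySize := CkXml_GetChildIntValue(xml,'AssumeRoleResult|PackedPolicySize');
    RequestId := CkXml__getChildContent(xml,'ResponseMetadata|RequestId');
    Memo1.Lines.Add('RequestId: ' + RequestId);

    // Save the session token XML to a file for use by another Chilkat example..
    // This file holds live credentials in plain text. Keep the directory
    // readable only by the account that runs the application, exclude it from
    // source control and backups, and delete the file once the credentials
    // have expired or are no longer needed.
    success := CkXml_SaveXml(xml,'qa_data/tokens/aws_session_token.xml');
    if not success then
    begin
      Memo1.Lines.Add(CkXml__lastErrorText(xml));
    end;
  finally
    // Runs on normal completion and on every early Exit above.
    CkXml_Dispose(xml);
    CkAuthAws_Dispose(authAws);
    CkRest_Dispose(rest);
  end;
end;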