Sample code for 30+ languages & platforms
SQL Server

AWS Security Token Service (STS) AssumeRole

See more AWS Security Token Service Examples

Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @rest int
    EXEC @hr = sp_OACreate 'Chilkat.Rest', @rest OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- Connect to the Amazon AWS REST server.
    -- such as https://sts.us-west-2.amazonaws.com/
    DECLARE @bTls int
    SELECT @bTls = 1
    DECLARE @port int
    SELECT @port = 443
    DECLARE @bAutoReconnect int
    SELECT @bAutoReconnect = 1
    EXEC sp_OAMethod @rest, 'Connect', @success OUT, 'sts.us-west-2.amazonaws.com', @port, @bTls, @bAutoReconnect

    -- Provide AWS credentials for the REST call.
    DECLARE @authAws int
    EXEC @hr = sp_OACreate 'Chilkat.AuthAws', @authAws OUT

    EXEC sp_OASetProperty @authAws, 'AccessKey', 'AWS_ACCESS_KEY'
    EXEC sp_OASetProperty @authAws, 'SecretKey', 'AWS_SECRET_KEY'
    -- the region should match our URL above..
    -- See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
    EXEC sp_OASetProperty @authAws, 'Region', 'us-west-2'
    EXEC sp_OASetProperty @authAws, 'ServiceName', 'sts'

    EXEC sp_OAMethod @rest, 'SetAuthAws', @success OUT, @authAws

    -- Sample Request
    -- https://sts.amazonaws.com/
    -- ?Version=2011-06-15
    -- &Action=AssumeRole
    -- &RoleSessionName=testAR
    -- &RoleArn=arn:aws:iam::123456789012:role/demo
    -- &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
    -- &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
    -- &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
    -- "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
    -- &DurationSeconds=3600
    -- &Tags.member.1.Key=Project
    -- &Tags.member.1.Value=Pegasus
    -- &Tags.member.2.Key=Team
    -- &Tags.member.2.Value=Engineering
    -- &Tags.member.3.Key=Cost-Center
    -- &Tags.member.3.Value=12345
    -- &TransitiveTagKeys.member.1=Project
    -- &TransitiveTagKeys.member.2=Cost-Center
    -- &ExternalId=123ABC
    -- &SourceIdentity=Alice
    -- &AUTHPARAMS

    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Version', '2011-06-15'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Action', 'AssumeRole'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'DurationSeconds', '3600'

    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'RoleSessionName', 'testAR'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'RoleArn', 'arn:aws:iam::123456789012:role/demo'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'PolicyArns.member.1.arn', 'arn:aws:iam::123456789012:policy/demopolicy1'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'PolicyArns.member.2.arn', 'arn:aws:iam::123456789012:policy/demopolicy2'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Policy', '{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.1.Key', 'Project'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.1.Value', 'Pegasus'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.2.Key', 'Team'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.2.Value', 'Engineering'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.3.Key', 'Cost-Center'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.3.Value', '12345'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'TransitiveTagKeys.member.1', 'Project'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'TransitiveTagKeys.member.2', 'Cost-Center'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'ExternalId', '123ABC'
    EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'SourceIdentity', 'Alice'

    DECLARE @responseXml nvarchar(4000)
    EXEC sp_OAMethod @rest, 'FullRequestNoBody', @responseXml OUT, 'GET', '/'
    EXEC sp_OAGetProperty @rest, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
      BEGIN
        EXEC sp_OAGetProperty @rest, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @rest
        EXEC @hr = sp_OADestroy @authAws
        RETURN
      END

    -- A successful response will have a status code equal to 200.
    EXEC sp_OAGetProperty @rest, 'ResponseStatusCode', @iTmp0 OUT
    IF @iTmp0 <> 200
      BEGIN

        EXEC sp_OAGetProperty @rest, 'ResponseStatusCode', @iTmp0 OUT
        PRINT 'response status code = ' + @iTmp0

        EXEC sp_OAGetProperty @rest, 'ResponseStatusText', @sTmp0 OUT
        PRINT 'response status text = ' + @sTmp0

        EXEC sp_OAGetProperty @rest, 'ResponseHeader', @sTmp0 OUT
        PRINT 'response header: ' + @sTmp0

        PRINT 'response body: ' + @responseXml
        EXEC @hr = sp_OADestroy @rest
        EXEC @hr = sp_OADestroy @authAws
        RETURN
      END

    -- Examine the successful XML response (shown below)
    DECLARE @xml int
    EXEC @hr = sp_OACreate 'Chilkat.Xml', @xml OUT

    EXEC sp_OAMethod @xml, 'LoadXml', @success OUT, @responseXml
    EXEC sp_OAMethod @xml, 'GetXml', @sTmp0 OUT
    PRINT @sTmp0

    -- Sample response:

    -- <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
    --   <AssumeRoleResult>
    --   <SourceIdentity>Alice</SourceIdentity>
    --     <AssumedRoleUser>
    --       <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
    --       <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
    --     </AssumedRoleUser>
    --     <Credentials>
    --       <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
    --       <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
    --       <SessionToken>
    --        AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
    --        LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
    --        QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
    --        9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
    --        +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
    --       </SessionToken>
    --       <Expiration>2019-11-09T13:34:41Z</Expiration>
    --     </Credentials>
    --     <PackedPolicySize>6</PackedPolicySize>
    --   </AssumeRoleResult>
    --   <ResponseMetadata>
    --     <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
    --   </ResponseMetadata>
    -- </AssumeRoleResponse>

    -- Sample parse code:

    DECLARE @AssumeRoleResponse_xmlns nvarchar(4000)
    EXEC sp_OAMethod @xml, 'GetAttrValue', @AssumeRoleResponse_xmlns OUT, 'xmlns'
    DECLARE @SourceIdentity nvarchar(4000)
    EXEC sp_OAMethod @xml, 'GetChildContent', @SourceIdentity OUT, 'AssumeRoleResult|SourceIdentity'
    DECLARE @Arn nvarchar(4000)
    EXEC sp_OAMethod @xml, 'GetChildContent', @Arn OUT, 'AssumeRoleResult|AssumedRoleUser|Arn'
    DECLARE @AssumedRoleId nvarchar(4000)
    EXEC sp_OAMethod @xml, 'GetChildContent', @AssumedRoleId OUT, 'AssumeRoleResult|AssumedRoleUser|AssumedRoleId'
    DECLARE @AccessKeyId nvarchar(4000)
    EXEC sp_OAMethod @xml, 'GetChildContent', @AccessKeyId OUT, 'AssumeRoleResult|Credentials|AccessKeyId'
    DECLARE @SecretAccessKey nvarchar(4000)
    EXEC sp_OAMethod @xml, 'GetChildContent', @SecretAccessKey OUT, 'AssumeRoleResult|Credentials|SecretAccessKey'
    DECLARE @SessionToken nvarchar(4000)
    EXEC sp_OAMethod @xml, 'GetChildContent', @SessionToken OUT, 'AssumeRoleResult|Credentials|SessionToken'
    DECLARE @Expiration nvarchar(4000)
    EXEC sp_OAMethod @xml, 'GetChildContent', @Expiration OUT, 'AssumeRoleResult|Credentials|Expiration'
    DECLARE @PackedPolicySize int
    EXEC sp_OAMethod @xml, 'GetChildIntValue', @PackedPolicySize OUT, 'AssumeRoleResult|PackedPolicySize'
    DECLARE @RequestId nvarchar(4000)
    EXEC sp_OAMethod @xml, 'GetChildContent', @RequestId OUT, 'ResponseMetadata|RequestId'

    -- Save the session token XML to a file for use by another Chilkat example..
    EXEC sp_OAMethod @xml, 'SaveXml', @success OUT, 'qa_data/tokens/aws_session_token.xml'

    EXEC @hr = sp_OADestroy @rest
    EXEC @hr = sp_OADestroy @authAws
    EXEC @hr = sp_OADestroy @xml


END
GO