SQL Server
SQL Server
AWS Security Token Service (STS) AssumeRole
See more AWS Security Token Service Examples
Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
DECLARE @iTmp0 int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @rest int
EXEC @hr = sp_OACreate 'Chilkat.Rest', @rest OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
-- Connect to the Amazon AWS REST server.
-- such as https://sts.us-west-2.amazonaws.com/
DECLARE @bTls int
SELECT @bTls = 1
DECLARE @port int
SELECT @port = 443
DECLARE @bAutoReconnect int
SELECT @bAutoReconnect = 1
EXEC sp_OAMethod @rest, 'Connect', @success OUT, 'sts.us-west-2.amazonaws.com', @port, @bTls, @bAutoReconnect
-- Provide AWS credentials for the REST call.
DECLARE @authAws int
EXEC @hr = sp_OACreate 'Chilkat.AuthAws', @authAws OUT
EXEC sp_OASetProperty @authAws, 'AccessKey', 'AWS_ACCESS_KEY'
EXEC sp_OASetProperty @authAws, 'SecretKey', 'AWS_SECRET_KEY'
-- the region should match our URL above..
-- See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
EXEC sp_OASetProperty @authAws, 'Region', 'us-west-2'
EXEC sp_OASetProperty @authAws, 'ServiceName', 'sts'
EXEC sp_OAMethod @rest, 'SetAuthAws', @success OUT, @authAws
-- Sample Request
-- https://sts.amazonaws.com/
-- ?Version=2011-06-15
-- &Action=AssumeRole
-- &RoleSessionName=testAR
-- &RoleArn=arn:aws:iam::123456789012:role/demo
-- &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
-- &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
-- &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
-- "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
-- &DurationSeconds=3600
-- &Tags.member.1.Key=Project
-- &Tags.member.1.Value=Pegasus
-- &Tags.member.2.Key=Team
-- &Tags.member.2.Value=Engineering
-- &Tags.member.3.Key=Cost-Center
-- &Tags.member.3.Value=12345
-- &TransitiveTagKeys.member.1=Project
-- &TransitiveTagKeys.member.2=Cost-Center
-- &ExternalId=123ABC
-- &SourceIdentity=Alice
-- &AUTHPARAMS
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Version', '2011-06-15'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Action', 'AssumeRole'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'DurationSeconds', '3600'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'RoleSessionName', 'testAR'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'RoleArn', 'arn:aws:iam::123456789012:role/demo'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'PolicyArns.member.1.arn', 'arn:aws:iam::123456789012:policy/demopolicy1'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'PolicyArns.member.2.arn', 'arn:aws:iam::123456789012:policy/demopolicy2'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Policy', '{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.1.Key', 'Project'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.1.Value', 'Pegasus'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.2.Key', 'Team'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.2.Value', 'Engineering'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.3.Key', 'Cost-Center'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'Tags.member.3.Value', '12345'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'TransitiveTagKeys.member.1', 'Project'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'TransitiveTagKeys.member.2', 'Cost-Center'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'ExternalId', '123ABC'
EXEC sp_OAMethod @rest, 'AddQueryParam', @success OUT, 'SourceIdentity', 'Alice'
DECLARE @responseXml nvarchar(4000)
EXEC sp_OAMethod @rest, 'FullRequestNoBody', @responseXml OUT, 'GET', '/'
EXEC sp_OAGetProperty @rest, 'LastMethodSuccess', @iTmp0 OUT
IF @iTmp0 <> 1
BEGIN
EXEC sp_OAGetProperty @rest, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @rest
EXEC @hr = sp_OADestroy @authAws
RETURN
END
-- A successful response will have a status code equal to 200.
EXEC sp_OAGetProperty @rest, 'ResponseStatusCode', @iTmp0 OUT
IF @iTmp0 <> 200
BEGIN
EXEC sp_OAGetProperty @rest, 'ResponseStatusCode', @iTmp0 OUT
PRINT 'response status code = ' + @iTmp0
EXEC sp_OAGetProperty @rest, 'ResponseStatusText', @sTmp0 OUT
PRINT 'response status text = ' + @sTmp0
EXEC sp_OAGetProperty @rest, 'ResponseHeader', @sTmp0 OUT
PRINT 'response header: ' + @sTmp0
PRINT 'response body: ' + @responseXml
EXEC @hr = sp_OADestroy @rest
EXEC @hr = sp_OADestroy @authAws
RETURN
END
-- Examine the successful XML response (shown below)
DECLARE @xml int
EXEC @hr = sp_OACreate 'Chilkat.Xml', @xml OUT
EXEC sp_OAMethod @xml, 'LoadXml', @success OUT, @responseXml
EXEC sp_OAMethod @xml, 'GetXml', @sTmp0 OUT
PRINT @sTmp0
-- Sample response:
-- <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
-- <AssumeRoleResult>
-- <SourceIdentity>Alice</SourceIdentity>
-- <AssumedRoleUser>
-- <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
-- <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
-- </AssumedRoleUser>
-- <Credentials>
-- <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
-- <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
-- <SessionToken>
-- AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
-- LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
-- QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
-- 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
-- +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
-- </SessionToken>
-- <Expiration>2019-11-09T13:34:41Z</Expiration>
-- </Credentials>
-- <PackedPolicySize>6</PackedPolicySize>
-- </AssumeRoleResult>
-- <ResponseMetadata>
-- <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
-- </ResponseMetadata>
-- </AssumeRoleResponse>
-- Sample parse code:
DECLARE @AssumeRoleResponse_xmlns nvarchar(4000)
EXEC sp_OAMethod @xml, 'GetAttrValue', @AssumeRoleResponse_xmlns OUT, 'xmlns'
DECLARE @SourceIdentity nvarchar(4000)
EXEC sp_OAMethod @xml, 'GetChildContent', @SourceIdentity OUT, 'AssumeRoleResult|SourceIdentity'
DECLARE @Arn nvarchar(4000)
EXEC sp_OAMethod @xml, 'GetChildContent', @Arn OUT, 'AssumeRoleResult|AssumedRoleUser|Arn'
DECLARE @AssumedRoleId nvarchar(4000)
EXEC sp_OAMethod @xml, 'GetChildContent', @AssumedRoleId OUT, 'AssumeRoleResult|AssumedRoleUser|AssumedRoleId'
DECLARE @AccessKeyId nvarchar(4000)
EXEC sp_OAMethod @xml, 'GetChildContent', @AccessKeyId OUT, 'AssumeRoleResult|Credentials|AccessKeyId'
DECLARE @SecretAccessKey nvarchar(4000)
EXEC sp_OAMethod @xml, 'GetChildContent', @SecretAccessKey OUT, 'AssumeRoleResult|Credentials|SecretAccessKey'
DECLARE @SessionToken nvarchar(4000)
EXEC sp_OAMethod @xml, 'GetChildContent', @SessionToken OUT, 'AssumeRoleResult|Credentials|SessionToken'
DECLARE @Expiration nvarchar(4000)
EXEC sp_OAMethod @xml, 'GetChildContent', @Expiration OUT, 'AssumeRoleResult|Credentials|Expiration'
DECLARE @PackedPolicySize int
EXEC sp_OAMethod @xml, 'GetChildIntValue', @PackedPolicySize OUT, 'AssumeRoleResult|PackedPolicySize'
DECLARE @RequestId nvarchar(4000)
EXEC sp_OAMethod @xml, 'GetChildContent', @RequestId OUT, 'ResponseMetadata|RequestId'
-- Save the session token XML to a file for use by another Chilkat example..
EXEC sp_OAMethod @xml, 'SaveXml', @success OUT, 'qa_data/tokens/aws_session_token.xml'
EXEC @hr = sp_OADestroy @rest
EXEC @hr = sp_OADestroy @authAws
EXEC @hr = sp_OADestroy @xml
END
GO