Sample code for 30+ languages & platforms
C#

AWS Security Token Service (STS) AssumeRole

See more AWS Security Token Service Examples

Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.

Chilkat C# Downloads

C#
bool success = false;

//  This example requires the Chilkat API to have been previously unlocked.
//  See Global Unlock Sample for sample code.

Chilkat.Rest rest = new Chilkat.Rest();

//  Connect to the Amazon AWS REST server.
//  such as https://sts.us-west-2.amazonaws.com/
bool bTls = true;
int port = 443;
bool bAutoReconnect = true;
success = rest.Connect("sts.us-west-2.amazonaws.com",port,bTls,bAutoReconnect);

//  Provide AWS credentials for the REST call.
Chilkat.AuthAws authAws = new Chilkat.AuthAws();
authAws.AccessKey = "AWS_ACCESS_KEY";
authAws.SecretKey = "AWS_SECRET_KEY";
//  the region should match our URL above..
//  See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
authAws.Region = "us-west-2";
authAws.ServiceName = "sts";

rest.SetAuthAws(authAws);

//  Sample Request
//  https://sts.amazonaws.com/
//  ?Version=2011-06-15
//  &Action=AssumeRole
//  &RoleSessionName=testAR
//  &RoleArn=arn:aws:iam::123456789012:role/demo
//  &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
//  &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
//  &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
//  "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
//  &DurationSeconds=3600
//  &Tags.member.1.Key=Project
//  &Tags.member.1.Value=Pegasus
//  &Tags.member.2.Key=Team
//  &Tags.member.2.Value=Engineering
//  &Tags.member.3.Key=Cost-Center
//  &Tags.member.3.Value=12345
//  &TransitiveTagKeys.member.1=Project
//  &TransitiveTagKeys.member.2=Cost-Center
//  &ExternalId=123ABC
//  &SourceIdentity=Alice
//  &AUTHPARAMS

rest.AddQueryParam("Version","2011-06-15");
rest.AddQueryParam("Action","AssumeRole");
rest.AddQueryParam("DurationSeconds","3600");

rest.AddQueryParam("RoleSessionName","testAR");
rest.AddQueryParam("RoleArn","arn:aws:iam::123456789012:role/demo");
rest.AddQueryParam("PolicyArns.member.1.arn","arn:aws:iam::123456789012:policy/demopolicy1");
rest.AddQueryParam("PolicyArns.member.2.arn","arn:aws:iam::123456789012:policy/demopolicy2");
rest.AddQueryParam("Policy","{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}");
rest.AddQueryParam("Tags.member.1.Key","Project");
rest.AddQueryParam("Tags.member.1.Value","Pegasus");
rest.AddQueryParam("Tags.member.2.Key","Team");
rest.AddQueryParam("Tags.member.2.Value","Engineering");
rest.AddQueryParam("Tags.member.3.Key","Cost-Center");
rest.AddQueryParam("Tags.member.3.Value","12345");
rest.AddQueryParam("TransitiveTagKeys.member.1","Project");
rest.AddQueryParam("TransitiveTagKeys.member.2","Cost-Center");
rest.AddQueryParam("ExternalId","123ABC");
rest.AddQueryParam("SourceIdentity","Alice");

string responseXml = rest.FullRequestNoBody("GET","/");
if (rest.LastMethodSuccess != true) {
    Debug.WriteLine(rest.LastErrorText);
    return;
}

//  A successful response will have a status code equal to 200.
if (rest.ResponseStatusCode != 200) {
    Debug.WriteLine("response status code = " + Convert.ToString(rest.ResponseStatusCode));
    Debug.WriteLine("response status text = " + rest.ResponseStatusText);
    Debug.WriteLine("response header: " + rest.ResponseHeader);
    Debug.WriteLine("response body: " + responseXml);
    return;
}

//  Examine the successful XML response (shown below)
Chilkat.Xml xml = new Chilkat.Xml();
xml.LoadXml(responseXml);
Debug.WriteLine(xml.GetXml());

//  Sample response:

//  <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
//    <AssumeRoleResult>
//    <SourceIdentity>Alice</SourceIdentity>
//      <AssumedRoleUser>
//        <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
//        <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
//      </AssumedRoleUser>
//      <Credentials>
//        <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
//        <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
//        <SessionToken>
//         AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
//         LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
//         QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
//         9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
//         +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
//        </SessionToken>
//        <Expiration>2019-11-09T13:34:41Z</Expiration>
//      </Credentials>
//      <PackedPolicySize>6</PackedPolicySize>
//    </AssumeRoleResult>
//    <ResponseMetadata>
//      <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
//    </ResponseMetadata>
//  </AssumeRoleResponse>

//  Sample parse code:

string AssumeRoleResponse_xmlns = xml.GetAttrValue("xmlns");
string SourceIdentity = xml.GetChildContent("AssumeRoleResult|SourceIdentity");
string Arn = xml.GetChildContent("AssumeRoleResult|AssumedRoleUser|Arn");
string AssumedRoleId = xml.GetChildContent("AssumeRoleResult|AssumedRoleUser|AssumedRoleId");
string AccessKeyId = xml.GetChildContent("AssumeRoleResult|Credentials|AccessKeyId");
string SecretAccessKey = xml.GetChildContent("AssumeRoleResult|Credentials|SecretAccessKey");
string SessionToken = xml.GetChildContent("AssumeRoleResult|Credentials|SessionToken");
string Expiration = xml.GetChildContent("AssumeRoleResult|Credentials|Expiration");
int PackedPolicySize = xml.GetChildIntValue("AssumeRoleResult|PackedPolicySize");
string RequestId = xml.GetChildContent("ResponseMetadata|RequestId");

//  Save the session token XML to a file for use by another Chilkat example..
success = xml.SaveXml("qa_data/tokens/aws_session_token.xml");