AutoIt

AWS Security Token Service (STS) AssumeRole


Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.


AutoIt
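Local $bSuccess = False

; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

$oRest = ObjCreate("Chilkat.Rest")

; Connect to the regional AWS STS endpoint,
; such as https://sts.us-west-2.amazonaws.com/
; The connection is made with TLS on port 443.
Local $bTls = True
Local $iPort = 443
Local $bAutoReconnect = True
$bSuccess = $oRest.Connect("sts.us-west-2.amazonaws.com",$iPort,$bTls,$bAutoReconnect)
If ($bSuccess <> True) Then
    ; Stop on a failed connect instead of continuing to build and send the request.
    ConsoleWrite($oRest.LastErrorText & @CRLF)
    Exit
EndIf

; Provide AWS credentials for the REST call.
; "AWS_ACCESS_KEY" / "AWS_SECRET_KEY" are placeholders for the keys of the
; principal that is allowed to assume the role. Do not embed real long-term keys
; in the script; load them at run time from a protected source (for example an
; environment variable read with EnvGet) so they do not end up in source control.
$oAuthAws = ObjCreate("Chilkat.AuthAws")
$oAuthAws.AccessKey = "AWS_ACCESS_KEY"
$oAuthAws.SecretKey = "AWS_SECRET_KEY"
; The signing region must match the endpoint host used in Connect above.
; See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
$oAuthAws.Region = "us-west-2"
$oAuthAws.ServiceName = "sts"

$oRest.SetAuthAws($oAuthAws)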

; Sample Request
; https://sts.amazonaws.com/
; ?Version=2011-06-15
; &Action=AssumeRole
; &RoleSessionName=testAR
; &RoleArn=arn:aws:iam::123456789012:role/demo
; &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
; &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
; &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
; "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
; &DurationSeconds=3600
; &Tags.member.1.Key=Project
; &Tags.member.1.Value=Pegasus
; &Tags.member.2.Key=Team
; &Tags.member.2.Value=Engineering
; &Tags.member.3.Key=Cost-Center
; &Tags.member.3.Value=12345
; &TransitiveTagKeys.member.1=Project
; &TransitiveTagKeys.member.2=Cost-Center
; &ExternalId=123ABC
; &SourceIdentity=Alice
; &AUTHPARAMS

; AssumeRole query parameters as name/value pairs, listed in the order they are
; added to the request.
;
; Notes for adapting the sample values:
;  - Policy / PolicyArns are session policies: they can only narrow what the role
;    already allows. The "s3:*" on "*" statement is a sample value; scope it to the
;    actions and resources the session actually needs.
;  - ExternalId is only meaningful when the role's trust policy requires it
;    (typical for third-party, cross-account access).
;  - SourceIdentity and the session tags are sample values; set them to whatever
;    your account's trust policy and audit trail expect.
Local $aQueryParams[18][2] = [ _
    ["Version","2011-06-15"], _
    ["Action","AssumeRole"], _
    ["DurationSeconds","3600"], _
    ["RoleSessionName","testAR"], _
    ["RoleArn","arn:aws:iam::123456789012:role/demo"], _
    ["PolicyArns.member.1.arn","arn:aws:iam::123456789012:policy/demopolicy1"], _
    ["PolicyArns.member.2.arn","arn:aws:iam::123456789012:policy/demopolicy2"], _
    ["Policy","{""Version"":""2012-10-17"",""Statement"":[{""Sid"":""Stmt1"",""Effect"":""Allow"",""Action"":""s3:*"",""Resource"":""*""}]}"], _
    ["Tags.member.1.Key","Project"], _
    ["Tags.member.1.Value","Pegasus"], _
    ["Tags.member.2.Key","Team"], _
    ["Tags.member.2.Value","Engineering"], _
    ["Tags.member.3.Key","Cost-Center"], _
    ["Tags.member.3.Value","12345"], _
    ["TransitiveTagKeys.member.1","Project"], _
    ["TransitiveTagKeys.member.2","Cost-Center"], _
    ["ExternalId","123ABC"], _
    ["SourceIdentity","Alice"]]

; Add each pair to the pending request.
For $iParam = 0 To UBound($aQueryParams) - 1
    $oRest.AddQueryParam($aQueryParams[$iParam][0], $aQueryParams[$iParam][1])
Next

; Send the GET request built from the query parameters added above.
Local $sResponseXml = $oRest.FullRequestNoBody("GET","/")
If ($oRest.LastMethodSuccess <> True) Then
    ; The call itself failed; report Chilkat's error text and stop.
    ConsoleWrite($oRest.LastErrorText & @CRLF)
    Exit
EndIf

; Only a 200 status is treated as success. For any other status, print the
; status line, response header and body for diagnosis, then stop.
If ($oRest.ResponseStatusCode <> 200) Then
    Local $sDiagnostics = "response status code = " & $oRest.ResponseStatusCode & @CRLF
    $sDiagnostics &= "response status text = " & $oRest.ResponseStatusText & @CRLF
    $sDiagnostics &= "response header: " & $oRest.ResponseHeader & @CRLF
    $sDiagnostics &= "response body: " & $sResponseXml & @CRLF
    ConsoleWrite($sDiagnostics)
    Exit
EndIf

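; Examine the successful XML response (shown below)
$oXml = ObjCreate("Chilkat.Xml")
$bSuccess = $oXml.LoadXml($sResponseXml)
If ($bSuccess <> True) Then
    ; Do not go on to parse or save a document that failed to load.
    ConsoleWrite($oXml.LastErrorText & @CRLF)
    Exit
EndIf

; NOTE: the response body contains the SecretAccessKey and SessionToken.
; Printing it is for demonstration only; remove this line wherever console
; output is captured, logged or shared.
ConsoleWrite($oXml.GetXml() & @CRLF)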

; Sample response:

; <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
;   <AssumeRoleResult>
;   <SourceIdentity>Alice</SourceIdentity>
;     <AssumedRoleUser>
;       <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
;       <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
;     </AssumedRoleUser>
;     <Credentials>
;       <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
;       <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
;       <SessionToken>
;        AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
;        LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
;        QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
;        9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
;        +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
;       </SessionToken>
;       <Expiration>2019-11-09T13:34:41Z</Expiration>
;     </Credentials>
;     <PackedPolicySize>6</PackedPolicySize>
;   </AssumeRoleResult>
;   <ResponseMetadata>
;     <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
;   </ResponseMetadata>
; </AssumeRoleResponse>

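; Sample parse code:
; Each value is read from the loaded response by its path below the root element.

Local $sAssumeRoleResponse_xmlns = $oXml.GetAttrValue("xmlns")
Local $sSourceIdentity = $oXml.GetChildContent("AssumeRoleResult|SourceIdentity")
Local $sArn = $oXml.GetChildContent("AssumeRoleResult|AssumedRoleUser|Arn")
Local $sAssumedRoleId = $oXml.GetChildContent("AssumeRoleResult|AssumedRoleUser|AssumedRoleId")
; The next three values together are the temporary credentials; treat them as secrets.
Local $sAccessKeyId = $oXml.GetChildContent("AssumeRoleResult|Credentials|AccessKeyId")
Local $sSecretAccessKey = $oXml.GetChildContent("AssumeRoleResult|Credentials|SecretAccessKey")
Local $sSessionToken = $oXml.GetChildContent("AssumeRoleResult|Credentials|SessionToken")
; Time after which the credentials above are no longer valid.
Local $sExpiration = $oXml.GetChildContent("AssumeRoleResult|Credentials|Expiration")
Local $iPackedPolicySize = $oXml.GetChildIntValue("AssumeRoleResult|PackedPolicySize")
Local $sRequestId = $oXml.GetChildContent("ResponseMetadata|RequestId")

; Save the session token XML to a file for use by another Chilkat example..
; The file holds the credentials in plaintext and they stay usable until the
; Expiration time: keep the directory out of version control, restrict who can
; read it, and delete the file once it is no longer needed.
$bSuccess = $oXml.SaveXml("qa_data/tokens/aws_session_token.xml")
If ($bSuccess <> True) Then
    ; Report a failed write instead of ending silently without the token file.
    ConsoleWrite($oXml.LastErrorText & @CRLF)
    Exit
EndIf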