DataFlex
DataFlex
AWS Security Token Service (STS) AssumeRole
See more AWS Security Token Service Examples
Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoRest
Boolean iBTls
Integer iPort
Boolean iBAutoReconnect
Variant vAuthAws
Handle hoAuthAws
String sResponseXml
Handle hoXml
String sAssumeRoleResponse_xmlns
String sSourceIdentity
String sArn
String sAssumedRoleId
String sAccessKeyId
String sSecretAccessKey
String sSessionToken
String sExpiration
Integer iPackedPolicySize
String sRequestId
String sTemp1
Integer iTemp1
Boolean bTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
Get Create (RefClass(cComChilkatRest)) To hoRest
If (Not(IsComObjectCreated(hoRest))) Begin
Send CreateComObject of hoRest
End
// Connect to the Amazon AWS REST server.
// such as https://sts.us-west-2.amazonaws.com/
Move True To iBTls
Move 443 To iPort
Move True To iBAutoReconnect
Get ComConnect Of hoRest "sts.us-west-2.amazonaws.com" iPort iBTls iBAutoReconnect To iSuccess
// Provide AWS credentials for the REST call.
Get Create (RefClass(cComChilkatAuthAws)) To hoAuthAws
If (Not(IsComObjectCreated(hoAuthAws))) Begin
Send CreateComObject of hoAuthAws
End
Set ComAccessKey Of hoAuthAws To "AWS_ACCESS_KEY"
Set ComSecretKey Of hoAuthAws To "AWS_SECRET_KEY"
// the region should match our URL above..
// See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
Set ComRegion Of hoAuthAws To "us-west-2"
Set ComServiceName Of hoAuthAws To "sts"
Get pvComObject of hoAuthAws to vAuthAws
Get ComSetAuthAws Of hoRest vAuthAws To iSuccess
// Sample Request
// https://sts.amazonaws.com/
// ?Version=2011-06-15
// &Action=AssumeRole
// &RoleSessionName=testAR
// &RoleArn=arn:aws:iam::123456789012:role/demo
// &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
// &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
// &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
// "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
// &DurationSeconds=3600
// &Tags.member.1.Key=Project
// &Tags.member.1.Value=Pegasus
// &Tags.member.2.Key=Team
// &Tags.member.2.Value=Engineering
// &Tags.member.3.Key=Cost-Center
// &Tags.member.3.Value=12345
// &TransitiveTagKeys.member.1=Project
// &TransitiveTagKeys.member.2=Cost-Center
// &ExternalId=123ABC
// &SourceIdentity=Alice
// &AUTHPARAMS
Get ComAddQueryParam Of hoRest "Version" "2011-06-15" To iSuccess
Get ComAddQueryParam Of hoRest "Action" "AssumeRole" To iSuccess
Get ComAddQueryParam Of hoRest "DurationSeconds" "3600" To iSuccess
Get ComAddQueryParam Of hoRest "RoleSessionName" "testAR" To iSuccess
Get ComAddQueryParam Of hoRest "RoleArn" "arn:aws:iam::123456789012:role/demo" To iSuccess
Get ComAddQueryParam Of hoRest "PolicyArns.member.1.arn" "arn:aws:iam::123456789012:policy/demopolicy1" To iSuccess
Get ComAddQueryParam Of hoRest "PolicyArns.member.2.arn" "arn:aws:iam::123456789012:policy/demopolicy2" To iSuccess
Get ComAddQueryParam Of hoRest "Policy" '{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}' To iSuccess
Get ComAddQueryParam Of hoRest "Tags.member.1.Key" "Project" To iSuccess
Get ComAddQueryParam Of hoRest "Tags.member.1.Value" "Pegasus" To iSuccess
Get ComAddQueryParam Of hoRest "Tags.member.2.Key" "Team" To iSuccess
Get ComAddQueryParam Of hoRest "Tags.member.2.Value" "Engineering" To iSuccess
Get ComAddQueryParam Of hoRest "Tags.member.3.Key" "Cost-Center" To iSuccess
Get ComAddQueryParam Of hoRest "Tags.member.3.Value" "12345" To iSuccess
Get ComAddQueryParam Of hoRest "TransitiveTagKeys.member.1" "Project" To iSuccess
Get ComAddQueryParam Of hoRest "TransitiveTagKeys.member.2" "Cost-Center" To iSuccess
Get ComAddQueryParam Of hoRest "ExternalId" "123ABC" To iSuccess
Get ComAddQueryParam Of hoRest "SourceIdentity" "Alice" To iSuccess
Get ComFullRequestNoBody Of hoRest "GET" "/" To sResponseXml
Get ComLastMethodSuccess Of hoRest To bTemp1
If (bTemp1 <> True) Begin
Get ComLastErrorText Of hoRest To sTemp1
Showln sTemp1
Procedure_Return
End
// A successful response will have a status code equal to 200.
Get ComResponseStatusCode Of hoRest To iTemp1
If (iTemp1 <> 200) Begin
Get ComResponseStatusCode Of hoRest To iTemp1
Showln "response status code = " iTemp1
Get ComResponseStatusText Of hoRest To sTemp1
Showln "response status text = " sTemp1
Get ComResponseHeader Of hoRest To sTemp1
Showln "response header: " sTemp1
Showln "response body: " sResponseXml
Procedure_Return
End
// Examine the successful XML response (shown below)
Get Create (RefClass(cComChilkatXml)) To hoXml
If (Not(IsComObjectCreated(hoXml))) Begin
Send CreateComObject of hoXml
End
Get ComLoadXml Of hoXml sResponseXml To iSuccess
Get ComGetXml Of hoXml To sTemp1
Showln sTemp1
// Sample response:
// <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
// <AssumeRoleResult>
// <SourceIdentity>Alice</SourceIdentity>
// <AssumedRoleUser>
// <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
// <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
// </AssumedRoleUser>
// <Credentials>
// <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
// <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
// <SessionToken>
// AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
// LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
// QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
// 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
// +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
// </SessionToken>
// <Expiration>2019-11-09T13:34:41Z</Expiration>
// </Credentials>
// <PackedPolicySize>6</PackedPolicySize>
// </AssumeRoleResult>
// <ResponseMetadata>
// <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
// </ResponseMetadata>
// </AssumeRoleResponse>
// Sample parse code:
Get ComGetAttrValue Of hoXml "xmlns" To sAssumeRoleResponse_xmlns
Get ComGetChildContent Of hoXml "AssumeRoleResult|SourceIdentity" To sSourceIdentity
Get ComGetChildContent Of hoXml "AssumeRoleResult|AssumedRoleUser|Arn" To sArn
Get ComGetChildContent Of hoXml "AssumeRoleResult|AssumedRoleUser|AssumedRoleId" To sAssumedRoleId
Get ComGetChildContent Of hoXml "AssumeRoleResult|Credentials|AccessKeyId" To sAccessKeyId
Get ComGetChildContent Of hoXml "AssumeRoleResult|Credentials|SecretAccessKey" To sSecretAccessKey
Get ComGetChildContent Of hoXml "AssumeRoleResult|Credentials|SessionToken" To sSessionToken
Get ComGetChildContent Of hoXml "AssumeRoleResult|Credentials|Expiration" To sExpiration
Get ComGetChildIntValue Of hoXml "AssumeRoleResult|PackedPolicySize" To iPackedPolicySize
Get ComGetChildContent Of hoXml "ResponseMetadata|RequestId" To sRequestId
// Save the session token XML to a file for use by another Chilkat example..
Get ComSaveXml Of hoXml "qa_data/tokens/aws_session_token.xml" To iSuccess
End_Procedure