
AWS Security Token Service (STS) AssumeRole


Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.


DataFlex
Use ChilkatAx-win32.pkg

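Procedure Test
    // Calls the AWS STS AssumeRole action through the Chilkat REST object,
    // parses the XML reply, and saves it to a file.
    //
    // Takes no arguments and returns nothing. Every failure path prints the
    // relevant Chilkat error text (or the HTTP status details) with Showln
    // and leaves the procedure early.
    //
    // The reply holds live temporary credentials (AccessKeyId,
    // SecretAccessKey, SessionToken). Treat the console output and the saved
    // file as secrets until the Expiration time has passed.
    Boolean iSuccess
    Handle hoRest
    Boolean iBTls
    Integer iPort
    Boolean iBAutoReconnect
    Variant vAuthAws
    Handle hoAuthAws
    String sResponseXml
    Handle hoXml
    String sAssumeRoleResponse_xmlns
    String sSourceIdentity
    String sArn
    String sAssumedRoleId
    String sAccessKeyId
    String sSecretAccessKey
    String sSessionToken
    String sExpiration
    Integer iPackedPolicySize
    String sRequestId
    String sTemp1
    Integer iTemp1
    Boolean bTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatRest)) To hoRest
    If (Not(IsComObjectCreated(hoRest))) Begin
        Send CreateComObject of hoRest
    End

    // Connect to the regional STS endpoint over TLS (port 443),
    // such as https://sts.us-west-2.amazonaws.com/
    Move True To iBTls
    Move 443 To iPort
    Move True To iBAutoReconnect
    Get ComConnect Of hoRest "sts.us-west-2.amazonaws.com" iPort iBTls iBAutoReconnect To iSuccess
    // Stop here if the connection could not be established, so that no signed
    // request is attempted on a connection that does not exist.
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoRest To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Provide AWS credentials for the REST call.
    Get Create (RefClass(cComChilkatAuthAws)) To hoAuthAws
    If (Not(IsComObjectCreated(hoAuthAws))) Begin
        Send CreateComObject of hoAuthAws
    End
    // "AWS_ACCESS_KEY" / "AWS_SECRET_KEY" are placeholders. Load the real
    // long-term key pair at run time from protected storage; do not embed it
    // in source that is committed or distributed.
    Set ComAccessKey Of hoAuthAws To "AWS_ACCESS_KEY"
    Set ComSecretKey Of hoAuthAws To "AWS_SECRET_KEY"
    // The signing region must match the endpoint host used in ComConnect above.
    // See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
    Set ComRegion Of hoAuthAws To "us-west-2"
    Set ComServiceName Of hoAuthAws To "sts"

    Get pvComObject of hoAuthAws to vAuthAws
    Get ComSetAuthAws Of hoRest vAuthAws To iSuccess
    // Without the auth provider attached the request would be sent unsigned.
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoRest To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Sample Request
    // https://sts.amazonaws.com/
    // ?Version=2011-06-15
    // &Action=AssumeRole
    // &RoleSessionName=testAR
    // &RoleArn=arn:aws:iam::123456789012:role/demo
    // &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
    // &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
    // &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
    // "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
    // &DurationSeconds=3600
    // &Tags.member.1.Key=Project
    // &Tags.member.1.Value=Pegasus
    // &Tags.member.2.Key=Team
    // &Tags.member.2.Value=Engineering
    // &Tags.member.3.Key=Cost-Center
    // &Tags.member.3.Value=12345
    // &TransitiveTagKeys.member.1=Project
    // &TransitiveTagKeys.member.2=Cost-Center
    // &ExternalId=123ABC
    // &SourceIdentity=Alice
    // &AUTHPARAMS

    Get ComAddQueryParam Of hoRest "Version" "2011-06-15" To iSuccess
    Get ComAddQueryParam Of hoRest "Action" "AssumeRole" To iSuccess
    // Lifetime of the temporary credentials, in seconds.
    Get ComAddQueryParam Of hoRest "DurationSeconds" "3600" To iSuccess

    Get ComAddQueryParam Of hoRest "RoleSessionName" "testAR" To iSuccess
    Get ComAddQueryParam Of hoRest "RoleArn" "arn:aws:iam::123456789012:role/demo" To iSuccess
    Get ComAddQueryParam Of hoRest "PolicyArns.member.1.arn" "arn:aws:iam::123456789012:policy/demopolicy1" To iSuccess
    Get ComAddQueryParam Of hoRest "PolicyArns.member.2.arn" "arn:aws:iam::123456789012:policy/demopolicy2" To iSuccess
    // Session policy: the session's effective permissions are the intersection
    // of this policy and the role's own policies, so it can only narrow access.
    // The sample value ("s3:*" on "*") narrows very little; in real use list
    // only the actions and resources the session needs.
    Get ComAddQueryParam Of hoRest "Policy" '{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}' To iSuccess
    Get ComAddQueryParam Of hoRest "Tags.member.1.Key" "Project" To iSuccess
    Get ComAddQueryParam Of hoRest "Tags.member.1.Value" "Pegasus" To iSuccess
    Get ComAddQueryParam Of hoRest "Tags.member.2.Key" "Team" To iSuccess
    Get ComAddQueryParam Of hoRest "Tags.member.2.Value" "Engineering" To iSuccess
    Get ComAddQueryParam Of hoRest "Tags.member.3.Key" "Cost-Center" To iSuccess
    Get ComAddQueryParam Of hoRest "Tags.member.3.Value" "12345" To iSuccess
    Get ComAddQueryParam Of hoRest "TransitiveTagKeys.member.1" "Project" To iSuccess
    Get ComAddQueryParam Of hoRest "TransitiveTagKeys.member.2" "Cost-Center" To iSuccess
    // ExternalId is the shared value a role's trust policy can require for
    // cross-account access (confused-deputy protection); "123ABC" is sample data.
    Get ComAddQueryParam Of hoRest "ExternalId" "123ABC" To iSuccess
    Get ComAddQueryParam Of hoRest "SourceIdentity" "Alice" To iSuccess

    Get ComFullRequestNoBody Of hoRest "GET" "/" To sResponseXml
    Get ComLastMethodSuccess Of hoRest To bTemp1
    If (bTemp1 <> True) Begin
        Get ComLastErrorText Of hoRest To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // A successful response will have a status code equal to 200.
    Get ComResponseStatusCode Of hoRest To iTemp1
    If (iTemp1 <> 200) Begin
        Showln "response status code = " iTemp1
        Get ComResponseStatusText Of hoRest To sTemp1
        Showln "response status text = " sTemp1
        Get ComResponseHeader Of hoRest To sTemp1
        Showln "response header: " sTemp1
        Showln "response body: " sResponseXml
        Procedure_Return
    End

    // Examine the successful XML response (shown below)
    Get Create (RefClass(cComChilkatXml)) To hoXml
    If (Not(IsComObjectCreated(hoXml))) Begin
        Send CreateComObject of hoXml
    End
    Get ComLoadXml Of hoXml sResponseXml To iSuccess
    // Do not parse or save anything if the body is not well-formed XML.
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoXml To sTemp1
        Showln sTemp1
        Procedure_Return
    End
    // NOTE(review): this prints the whole reply, including SecretAccessKey and
    // SessionToken. Keep it for demonstration only; outside a demo, drop this
    // output or print only non-secret fields (Arn, Expiration, RequestId).
    Get ComGetXml Of hoXml To sTemp1
    Showln sTemp1

    // Sample response:

    // <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
    //   <AssumeRoleResult>
    //   <SourceIdentity>Alice</SourceIdentity>
    //     <AssumedRoleUser>
    //       <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
    //       <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
    //     </AssumedRoleUser>
    //     <Credentials>
    //       <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
    //       <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
    //       <SessionToken>
    //        AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
    //        LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
    //        QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
    //        9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
    //        +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
    //       </SessionToken>
    //       <Expiration>2019-11-09T13:34:41Z</Expiration>
    //     </Credentials>
    //     <PackedPolicySize>6</PackedPolicySize>
    //   </AssumeRoleResult>
    //   <ResponseMetadata>
    //     <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
    //   </ResponseMetadata>
    // </AssumeRoleResponse>

    // Sample parse code:

    Get ComGetAttrValue Of hoXml "xmlns" To sAssumeRoleResponse_xmlns
    Get ComGetChildContent Of hoXml "AssumeRoleResult|SourceIdentity" To sSourceIdentity
    Get ComGetChildContent Of hoXml "AssumeRoleResult|AssumedRoleUser|Arn" To sArn
    Get ComGetChildContent Of hoXml "AssumeRoleResult|AssumedRoleUser|AssumedRoleId" To sAssumedRoleId
    Get ComGetChildContent Of hoXml "AssumeRoleResult|Credentials|AccessKeyId" To sAccessKeyId
    Get ComGetChildContent Of hoXml "AssumeRoleResult|Credentials|SecretAccessKey" To sSecretAccessKey
    Get ComGetChildContent Of hoXml "AssumeRoleResult|Credentials|SessionToken" To sSessionToken
    Get ComGetChildContent Of hoXml "AssumeRoleResult|Credentials|Expiration" To sExpiration
    Get ComGetChildIntValue Of hoXml "AssumeRoleResult|PackedPolicySize" To iPackedPolicySize
    Get ComGetChildContent Of hoXml "ResponseMetadata|RequestId" To sRequestId

    // Save the session token XML to a file for use by another Chilkat example.
    // The file holds the temporary credentials in plaintext: keep the
    // directory readable only by the account that runs the examples, keep it
    // out of version control, and delete the file once sExpiration has passed.
    Get ComSaveXml Of hoXml "qa_data/tokens/aws_session_token.xml" To iSuccess
    // Report a failed write so a later example does not pick up a stale token file.
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoXml To sTemp1
        Showln sTemp1
        Procedure_Return
    End


End_Procedure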