
AWS Security Token Service (STS) AssumeRole


Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.


Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

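// Calls AWS STS AssumeRole over HTTPS with a SigV4-signed GET request, parses the
// XML response into its individual fields, and saves the response XML to a file
// so that another Chilkat example can load the temporary credentials.
//
// Sender: the control that raised the click event (not used).
//
// Every Chilkat call that can fail is checked; on failure the error text is added
// to Memo1 and the procedure exits without writing the token file.
procedure TForm1.Button1Click(Sender: TObject);
var
  success: Integer;
  rest: TChilkatRest;
  bTls: Integer;
  port: Integer;
  bAutoReconnect: Integer;
  authAws: TChilkatAuthAws;
  responseXml: WideString;
  xml: TChilkatXml;
  AssumeRoleResponse_xmlns: WideString;
  SourceIdentity: WideString;
  Arn: WideString;
  AssumedRoleId: WideString;
  AccessKeyId: WideString;
  SecretAccessKey: WideString;
  SessionToken: WideString;
  Expiration: WideString;
  PackedPolicySize: Integer;
  RequestId: WideString;

begin
  success := 0;

  // This example requires the Chilkat API to have been previously unlocked.
  // See Global Unlock Sample for sample code.

  rest := TChilkatRest.Create(Self);

  // Connect to the Amazon AWS REST server,
  // such as https://sts.us-west-2.amazonaws.com/
  // TLS stays enabled (bTls = 1): the signed request and the returned
  // credentials must never travel over a plaintext connection.
  bTls := 1;
  port := 443;
  bAutoReconnect := 1;
  success := rest.Connect('sts.us-west-2.amazonaws.com',port,bTls,bAutoReconnect);
  if (success <> 1) then
    begin
      // Stop here: without a connection the request below cannot succeed.
      Memo1.Lines.Add(rest.LastErrorText);
      Exit;
    end;

  // Provide AWS credentials for the REST call.
  // 'AWS_ACCESS_KEY' / 'AWS_SECRET_KEY' are placeholders. In real code, load the
  // long-term key pair at run time from a protected store; do not compile it into
  // the executable or commit it to source control. The calling identity needs
  // only sts:AssumeRole on the target role.
  authAws := TChilkatAuthAws.Create(Self);
  authAws.AccessKey := 'AWS_ACCESS_KEY';
  authAws.SecretKey := 'AWS_SECRET_KEY';
  // The region should match our URL above.
  // See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
  authAws.Region := 'us-west-2';
  authAws.ServiceName := 'sts';

  rest.SetAuthAws(authAws.ControlInterface);

  // Sample Request
  // https://sts.amazonaws.com/
  // ?Version=2011-06-15
  // &Action=AssumeRole
  // &RoleSessionName=testAR
  // &RoleArn=arn:aws:iam::123456789012:role/demo
  // &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
  // &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
  // &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
  // "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
  // &DurationSeconds=3600
  // &Tags.member.1.Key=Project
  // &Tags.member.1.Value=Pegasus
  // &Tags.member.2.Key=Team
  // &Tags.member.2.Value=Engineering
  // &Tags.member.3.Key=Cost-Center
  // &Tags.member.3.Value=12345
  // &TransitiveTagKeys.member.1=Project
  // &TransitiveTagKeys.member.2=Cost-Center
  // &ExternalId=123ABC
  // &SourceIdentity=Alice
  // &AUTHPARAMS

  rest.AddQueryParam('Version','2011-06-15');
  rest.AddQueryParam('Action','AssumeRole');
  // Keep the session lifetime as short as the task allows.
  rest.AddQueryParam('DurationSeconds','3600');

  // RoleSessionName and SourceIdentity are recorded with the session, so use
  // values that identify the real caller when auditing matters.
  rest.AddQueryParam('RoleSessionName','testAR');
  rest.AddQueryParam('RoleArn','arn:aws:iam::123456789012:role/demo');
  rest.AddQueryParam('PolicyArns.member.1.arn','arn:aws:iam::123456789012:policy/demopolicy1');
  rest.AddQueryParam('PolicyArns.member.2.arn','arn:aws:iam::123456789012:policy/demopolicy2');
  // A session policy can only narrow what the role already allows. The sample
  // value ("s3:*" on "*") narrows very little; in real use list just the actions
  // and resources this session needs.
  rest.AddQueryParam('Policy','{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}');
  rest.AddQueryParam('Tags.member.1.Key','Project');
  rest.AddQueryParam('Tags.member.1.Value','Pegasus');
  rest.AddQueryParam('Tags.member.2.Key','Team');
  rest.AddQueryParam('Tags.member.2.Value','Engineering');
  rest.AddQueryParam('Tags.member.3.Key','Cost-Center');
  rest.AddQueryParam('Tags.member.3.Value','12345');
  rest.AddQueryParam('TransitiveTagKeys.member.1','Project');
  rest.AddQueryParam('TransitiveTagKeys.member.2','Cost-Center');
  // ExternalId is the value the role's trust policy can require for cross-account
  // access (confused-deputy protection); '123ABC' is a sample value.
  rest.AddQueryParam('ExternalId','123ABC');
  rest.AddQueryParam('SourceIdentity','Alice');

  responseXml := rest.FullRequestNoBody('GET','/');
  if (rest.LastMethodSuccess <> 1) then
    begin
      Memo1.Lines.Add(rest.LastErrorText);
      Exit;
    end;

  // A successful response will have a status code equal to 200.
  // A non-200 body is an STS error document and carries no credentials,
  // so it is shown in full for diagnosis.
  if (rest.ResponseStatusCode <> 200) then
    begin
      Memo1.Lines.Add('response status code = ' + IntToStr(rest.ResponseStatusCode));
      Memo1.Lines.Add('response status text = ' + rest.ResponseStatusText);
      Memo1.Lines.Add('response header: ' + rest.ResponseHeader);
      Memo1.Lines.Add('response body: ' + responseXml);
      Exit;
    end;

  // Load the successful XML response (a sample is shown below).
  xml := TChilkatXml.Create(Self);
  success := xml.LoadXml(responseXml);
  if (success <> 1) then
    begin
      // A 200 response that does not parse must not be saved as a token file.
      Memo1.Lines.Add(xml.LastErrorText);
      Exit;
    end;

  // Sample response:

  // <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  //   <AssumeRoleResult>
  //   <SourceIdentity>Alice</SourceIdentity>
  //     <AssumedRoleUser>
  //       <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
  //       <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
  //     </AssumedRoleUser>
  //     <Credentials>
  //       <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
  //       <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
  //       <SessionToken>
  //        AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
  //        LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
  //        QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
  //        9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
  //        +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
  //       </SessionToken>
  //       <Expiration>2019-11-09T13:34:41Z</Expiration>
  //     </Credentials>
  //     <PackedPolicySize>6</PackedPolicySize>
  //   </AssumeRoleResult>
  //   <ResponseMetadata>
  //     <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
  //   </ResponseMetadata>
  // </AssumeRoleResponse>

  // Sample parse code:

  AssumeRoleResponse_xmlns := xml.GetAttrValue('xmlns');
  SourceIdentity := xml.GetChildContent('AssumeRoleResult|SourceIdentity');
  Arn := xml.GetChildContent('AssumeRoleResult|AssumedRoleUser|Arn');
  AssumedRoleId := xml.GetChildContent('AssumeRoleResult|AssumedRoleUser|AssumedRoleId');
  AccessKeyId := xml.GetChildContent('AssumeRoleResult|Credentials|AccessKeyId');
  SecretAccessKey := xml.GetChildContent('AssumeRoleResult|Credentials|SecretAccessKey');
  SessionToken := xml.GetChildContent('AssumeRoleResult|Credentials|SessionToken');
  Expiration := xml.GetChildContent('AssumeRoleResult|Credentials|Expiration');
  PackedPolicySize := xml.GetChildIntValue('AssumeRoleResult|PackedPolicySize');
  RequestId := xml.GetChildContent('ResponseMetadata|RequestId');

  // Do not save a token file that lacks the credentials a later example expects.
  if (AccessKeyId = '') or (SecretAccessKey = '') or (SessionToken = '') then
    begin
      Memo1.Lines.Add('AssumeRole response did not contain credentials. RequestId = ' + RequestId);
      Exit;
    end;

  // Show only the non-secret fields. The raw response holds the secret access key
  // and the session token, so it is deliberately not written to the on-screen memo.
  Memo1.Lines.Add('Assumed role ARN = ' + Arn);
  Memo1.Lines.Add('AssumedRoleId = ' + AssumedRoleId);
  Memo1.Lines.Add('Expiration = ' + Expiration);
  Memo1.Lines.Add('RequestId = ' + RequestId);

  // Save the session token XML to a file for use by another Chilkat example.
  // The file holds live credentials until Expiration: keep it in a directory only
  // this user can read, keep it out of source control and backups, and delete it
  // once it is no longer needed.
  success := xml.SaveXml('qa_data/tokens/aws_session_token.xml');
  if (success <> 1) then
    begin
      Memo1.Lines.Add(xml.LastErrorText);
      Exit;
    end;
end;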