
AWS Security Token Service (STS) AssumeRole


Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.


Visual FoxPro
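* Declare every variable used by the script so none of them falls back to PRIVATE scope.
LOCAL lnSuccess
LOCAL loRest
LOCAL lnBTls
LOCAL lnPort
LOCAL lnBAutoReconnect
LOCAL loAuthAws
LOCAL lcResponseXml
LOCAL loXml
LOCAL lcAssumeRoleResponse_xmlns
LOCAL lcSourceIdentity
LOCAL lcArn
LOCAL lcAssumedRoleId
LOCAL lcAccessKeyId
LOCAL lcSecretAccessKey
LOCAL lcSessionToken
LOCAL lcExpiration
LOCAL lnPackedPolicySize
LOCAL lcRequestId

lnSuccess = 0

* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

loRest = CreateObject('Chilkat.Rest')

* Connect to the regional AWS STS REST endpoint,
* such as https://sts.us-west-2.amazonaws.com/
* TLS on port 443 is required: the request carries a signature and the
* response carries secret credentials.
lnBTls = 1
lnPort = 443
lnBAutoReconnect = 1
lnSuccess = loRest.Connect("sts.us-west-2.amazonaws.com",lnPort,lnBTls,lnBAutoReconnect)
IF (lnSuccess <> 1) THEN
    * Stop here: without a connection the signed request below cannot be sent.
    ? loRest.LastErrorText
    RELEASE loRest
    CANCEL
ENDIF

* Provide AWS credentials for the REST call.
* "AWS_ACCESS_KEY" and "AWS_SECRET_KEY" are placeholders for the caller's
* long-term credentials. Load the real values at run time from a protected
* store; do not keep them as literals in source that is shared or versioned.
loAuthAws = CreateObject('Chilkat.AuthAws')
loAuthAws.AccessKey = "AWS_ACCESS_KEY"
loAuthAws.SecretKey = "AWS_SECRET_KEY"
* The region must match the endpoint host used in Connect above.
* See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
loAuthAws.Region = "us-west-2"
loAuthAws.ServiceName = "sts"

loRest.SetAuthAws(loAuthAws)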

* Build the AssumeRole query string. The request being reproduced is:
*
* https://sts.amazonaws.com/
* ?Version=2011-06-15
* &Action=AssumeRole
* &RoleSessionName=testAR
* &RoleArn=arn:aws:iam::123456789012:role/demo
* &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
* &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
* &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
* "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
* &DurationSeconds=3600
* &Tags.member.1.Key=Project
* &Tags.member.1.Value=Pegasus
* &Tags.member.2.Key=Team
* &Tags.member.2.Value=Engineering
* &Tags.member.3.Key=Cost-Center
* &Tags.member.3.Value=12345
* &TransitiveTagKeys.member.1=Project
* &TransitiveTagKeys.member.2=Cost-Center
* &ExternalId=123ABC
* &SourceIdentity=Alice
* &AUTHPARAMS
*
* All values below (account id, role, policies, tags, ExternalId) are sample
* values and must be replaced with the ones for the role being assumed.

WITH loRest
    * API version, action, and the lifetime of the returned credentials in seconds.
    .AddQueryParam("Version","2011-06-15")
    .AddQueryParam("Action","AssumeRole")
    .AddQueryParam("DurationSeconds","3600")

    * Which role to assume, and the session name under which it is assumed.
    .AddQueryParam("RoleSessionName","testAR")
    .AddQueryParam("RoleArn","arn:aws:iam::123456789012:role/demo")

    * Session policies: managed policy ARNs plus one inline JSON policy.
    * A session policy can only narrow what the role's own policies allow.
    * The sample's "s3:*" on "*" is a placeholder; list only the actions and
    * resources this session actually needs.
    .AddQueryParam("PolicyArns.member.1.arn","arn:aws:iam::123456789012:policy/demopolicy1")
    .AddQueryParam("PolicyArns.member.2.arn","arn:aws:iam::123456789012:policy/demopolicy2")
    .AddQueryParam("Policy",'{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}')

    * Session tags, and the tag keys marked as transitive.
    .AddQueryParam("Tags.member.1.Key","Project")
    .AddQueryParam("Tags.member.1.Value","Pegasus")
    .AddQueryParam("Tags.member.2.Key","Team")
    .AddQueryParam("Tags.member.2.Value","Engineering")
    .AddQueryParam("Tags.member.3.Key","Cost-Center")
    .AddQueryParam("Tags.member.3.Value","12345")
    .AddQueryParam("TransitiveTagKeys.member.1","Project")
    .AddQueryParam("TransitiveTagKeys.member.2","Cost-Center")

    * ExternalId is the value a cross-account role's trust policy can require
    * of the caller; SourceIdentity is the identity recorded for the session.
    .AddQueryParam("ExternalId","123ABC")
    .AddQueryParam("SourceIdentity","Alice")
ENDWITH

* Send the signed GET request. There is no body: every parameter travels in
* the query string, and the response body comes back as a string.
lcResponseXml = loRest.FullRequestNoBody("GET","/")

* LastMethodSuccess reports whether the call itself completed
* (as opposed to the HTTP status, which is checked next).
IF NOT (loRest.LastMethodSuccess = 1)
    ? loRest.LastErrorText
    RELEASE loRest
    RELEASE loAuthAws
    CANCEL
ENDIF

* Anything other than HTTP 200 means STS rejected the request.
* Print the status, headers and error body for diagnosis, then stop.
IF loRest.ResponseStatusCode != 200
    ? "response status code = " + STR(loRest.ResponseStatusCode)
    ? "response status text = " + loRest.ResponseStatusText
    ? "response header: " + loRest.ResponseHeader
    ? "response body: " + lcResponseXml
    RELEASE loRest
    RELEASE loAuthAws
    CANCEL
ENDIF

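* Parse the successful XML response (a sample is shown below).
* The response body is deliberately NOT echoed in full: it contains the
* SecretAccessKey and SessionToken, which must not end up on screen or in
* captured output.
loXml = CreateObject('Chilkat.Xml')
lnSuccess = loXml.LoadXml(lcResponseXml)
IF (lnSuccess <> 1) THEN
    * A body that is not well-formed XML cannot be parsed for credentials.
    ? "Failed to parse the AssumeRole response XML."
    RELEASE loRest
    RELEASE loAuthAws
    RELEASE loXml
    CANCEL
ENDIF

* Sample response (placeholder values):

* <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
*   <AssumeRoleResult>
*   <SourceIdentity>Alice</SourceIdentity>
*     <AssumedRoleUser>
*       <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
*       <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
*     </AssumedRoleUser>
*     <Credentials>
*       <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
*       <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
*       <SessionToken>
*        AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
*        LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
*        QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
*        9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
*        +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
*       </SessionToken>
*       <Expiration>2019-11-09T13:34:41Z</Expiration>
*     </Credentials>
*     <PackedPolicySize>6</PackedPolicySize>
*   </AssumeRoleResult>
*   <ResponseMetadata>
*     <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
*   </ResponseMetadata>
* </AssumeRoleResponse>

* Sample parse code. Paths are relative to the root AssumeRoleResponse
* element, with "|" separating the nested element names.

lcAssumeRoleResponse_xmlns = loXml.GetAttrValue("xmlns")
lcSourceIdentity = loXml.GetChildContent("AssumeRoleResult|SourceIdentity")
lcArn = loXml.GetChildContent("AssumeRoleResult|AssumedRoleUser|Arn")
lcAssumedRoleId = loXml.GetChildContent("AssumeRoleResult|AssumedRoleUser|AssumedRoleId")
* The next three values together are the temporary credentials. Treat them
* as secrets until lcExpiration has passed.
lcAccessKeyId = loXml.GetChildContent("AssumeRoleResult|Credentials|AccessKeyId")
lcSecretAccessKey = loXml.GetChildContent("AssumeRoleResult|Credentials|SecretAccessKey")
lcSessionToken = loXml.GetChildContent("AssumeRoleResult|Credentials|SessionToken")
lcExpiration = loXml.GetChildContent("AssumeRoleResult|Credentials|Expiration")
lnPackedPolicySize = loXml.GetChildIntValue("AssumeRoleResult|PackedPolicySize")
lcRequestId = loXml.GetChildContent("ResponseMetadata|RequestId")

* Report only the non-secret parts of the result.
? "Assumed role ARN: " + lcArn
? "Credentials expire: " + lcExpiration
? "RequestId: " + lcRequestId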

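* Save the session token XML to a file for use by another Chilkat example.
* The file holds the temporary AccessKeyId, SecretAccessKey and SessionToken
* in plain text. Keep it in a directory only the current user can read, keep
* it out of source control and backups, and delete it once the credentials
* have been used or have expired.
lnSuccess = loXml.SaveXml("qa_data/tokens/aws_session_token.xml")
IF (lnSuccess <> 1) THEN
    * Report the failure so a later example does not silently read a stale
    * or missing token file.
    ? loXml.LastErrorText
ENDIF

RELEASE loRest
RELEASE loAuthAws
RELEASE loXml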