(Node.js) AWS Security Token Service (STS) AssumeRole

See more AWS Security Token Service Examples

Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.

For more information, see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

Install Chilkat for Node.js and Electron using npm at Chilkat npm packages for Node.js Chilkat npm packages for Electron on Windows, Linux, MacOSX, and ARM

var os = require('os');
if (os.platform() == 'win32') {  
    if (os.arch() == 'ia32') {
        var chilkat = require('@chilkat/ck-node21-win-ia32');
    } else {
        var chilkat = require('@chilkat/ck-node21-win64'); 
    }
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node21-arm');
    } else if (os.arch() == 'x86') {
        var chilkat = require('@chilkat/ck-node21-linux32');
    } else {
        var chilkat = require('@chilkat/ck-node21-linux64');
    }
} else if (os.platform() == 'darwin') {
    if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node21-mac-m1');
    } else {
        var chilkat = require('@chilkat/ck-node21-macosx');
    }
}

function chilkatExample() {

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    var rest = new chilkat.Rest();

    // Connect to the Amazon AWS REST server.
    // such as https://sts.us-west-2.amazonaws.com/
    var bTls = true;
    var port = 443;
    var bAutoReconnect = true;
    var success = rest.Connect("sts.us-west-2.amazonaws.com",port,bTls,bAutoReconnect);

    // Provide AWS credentials for the REST call.
    var authAws = new chilkat.AuthAws();
    authAws.AccessKey = "AWS_ACCESS_KEY";
    authAws.SecretKey = "AWS_SECRET_KEY";
    // the region should match our URL above..
    // See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
    authAws.Region = "us-west-2";
    authAws.ServiceName = "sts";

    rest.SetAuthAws(authAws);

    // Sample Request
    // https://sts.amazonaws.com/
    // ?Version=2011-06-15
    // &Action=AssumeRole
    // &RoleSessionName=testAR
    // &RoleArn=arn:aws:iam::123456789012:role/demo
    // &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
    // &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
    // &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
    // "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
    // &DurationSeconds=3600
    // &Tags.member.1.Key=Project
    // &Tags.member.1.Value=Pegasus
    // &Tags.member.2.Key=Team
    // &Tags.member.2.Value=Engineering
    // &Tags.member.3.Key=Cost-Center
    // &Tags.member.3.Value=12345
    // &TransitiveTagKeys.member.1=Project
    // &TransitiveTagKeys.member.2=Cost-Center
    // &ExternalId=123ABC
    // &SourceIdentity=Alice
    // &AUTHPARAMS

    rest.AddQueryParam("Version","2011-06-15");
    rest.AddQueryParam("Action","AssumeRole");
    rest.AddQueryParam("DurationSeconds","3600");

    rest.AddQueryParam("RoleSessionName","testAR");
    rest.AddQueryParam("RoleArn","arn:aws:iam::123456789012:role/demo");
    rest.AddQueryParam("PolicyArns.member.1.arn","arn:aws:iam::123456789012:policy/demopolicy1");
    rest.AddQueryParam("PolicyArns.member.2.arn","arn:aws:iam::123456789012:policy/demopolicy2");
    rest.AddQueryParam("Policy","{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}");
    rest.AddQueryParam("Tags.member.1.Key","Project");
    rest.AddQueryParam("Tags.member.1.Value","Pegasus");
    rest.AddQueryParam("Tags.member.2.Key","Team");
    rest.AddQueryParam("Tags.member.2.Value","Engineering");
    rest.AddQueryParam("Tags.member.3.Key","Cost-Center");
    rest.AddQueryParam("Tags.member.3.Value","12345");
    rest.AddQueryParam("TransitiveTagKeys.member.1","Project");
    rest.AddQueryParam("TransitiveTagKeys.member.2","Cost-Center");
    rest.AddQueryParam("ExternalId","123ABC");
    rest.AddQueryParam("SourceIdentity","Alice");

    var responseXml = rest.FullRequestNoBody("GET","/");
    if (rest.LastMethodSuccess !== true) {
        console.log(rest.LastErrorText);
        return;
    }

    // A successful response will have a status code equal to 200.
    if (rest.ResponseStatusCode !== 200) {
        console.log("response status code = " + rest.ResponseStatusCode);
        console.log("response status text = " + rest.ResponseStatusText);
        console.log("response header: " + rest.ResponseHeader);
        console.log("response body: " + responseXml);
        return;
    }

    // Examine the successful XML response (shown below)
    var xml = new chilkat.Xml();
    xml.LoadXml(responseXml);
    console.log(xml.GetXml());

    // Sample response:

    // <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
    //   <AssumeRoleResult>
    //   <SourceIdentity>Alice</SourceIdentity>
    //     <AssumedRoleUser>
    //       <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
    //       <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
    //     </AssumedRoleUser>
    //     <Credentials>
    //       <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
    //       <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
    //       <SessionToken>
    //        AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
    //        LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
    //        QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
    //        9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
    //        +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
    //       </SessionToken>
    //       <Expiration>2019-11-09T13:34:41Z</Expiration>
    //     </Credentials>
    //     <PackedPolicySize>6</PackedPolicySize>
    //   </AssumeRoleResult>
    //   <ResponseMetadata>
    //     <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
    //   </ResponseMetadata>
    // </AssumeRoleResponse>

    // Sample parse code:

    var AssumeRoleResponse_xmlns = xml.GetAttrValue("xmlns");
    var SourceIdentity = xml.GetChildContent("AssumeRoleResult|SourceIdentity");
    var Arn = xml.GetChildContent("AssumeRoleResult|AssumedRoleUser|Arn");
    var AssumedRoleId = xml.GetChildContent("AssumeRoleResult|AssumedRoleUser|AssumedRoleId");
    var AccessKeyId = xml.GetChildContent("AssumeRoleResult|Credentials|AccessKeyId");
    var SecretAccessKey = xml.GetChildContent("AssumeRoleResult|Credentials|SecretAccessKey");
    var SessionToken = xml.GetChildContent("AssumeRoleResult|Credentials|SessionToken");
    var Expiration = xml.GetChildContent("AssumeRoleResult|Credentials|Expiration");
    var PackedPolicySize = xml.GetChildIntValue("AssumeRoleResult|PackedPolicySize");
    var RequestId = xml.GetChildContent("ResponseMetadata|RequestId");

    // Save the session token XML to a file for use by another Chilkat example..
    success = xml.SaveXml("qa_data/tokens/aws_session_token.xml");

}

chilkatExample();