Objective-C

AWS Security Token Service (STS) AssumeRole


Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.


Objective-C
#import <CkoRest.h>
#import <CkoAuthAws.h>
#import <NSString.h>
#import <CkoXml.h>

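BOOL success = NO;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

CkoRest *rest = [[CkoRest alloc] init];

// Connect to the regional AWS STS endpoint,
// such as https://sts.us-west-2.amazonaws.com/
// TLS stays enabled: the response to this call carries temporary credentials,
// so the connection must be encrypted.
BOOL bTls = YES;
int port = 443;
BOOL bAutoReconnect = YES;
success = [rest Connect: @"sts.us-west-2.amazonaws.com" port: @(port) tls: bTls autoReconnect: bAutoReconnect];
if (!success) {
    // Stop here instead of building and sending a request on a connection that was never made.
    NSLog(@"%@", rest.LastErrorText);
    return;
}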

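// Provide AWS credentials for signing the REST call.
// The two literals below are placeholders. Do not compile real long-term keys into
// an application or commit them to source control; load them at run time from a
// protected store (for example the platform keychain or a secrets manager).
CkoAuthAws *authAws = [[CkoAuthAws alloc] init];
authAws.AccessKey = @"AWS_ACCESS_KEY";
authAws.SecretKey = @"AWS_SECRET_KEY";
// The signing region must match the endpoint host used for the connection.
// See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
authAws.Region = @"us-west-2";
authAws.ServiceName = @"sts";

// Do not continue if the authentication provider was not accepted.
success = [rest SetAuthAws: authAws];
if (!success) {
    NSLog(@"%@", rest.LastErrorText);
    return;
}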

// Sample Request
// https://sts.amazonaws.com/
// ?Version=2011-06-15
// &Action=AssumeRole
// &RoleSessionName=testAR
// &RoleArn=arn:aws:iam::123456789012:role/demo
// &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
// &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
// &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
// "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
// &DurationSeconds=3600
// &Tags.member.1.Key=Project
// &Tags.member.1.Value=Pegasus
// &Tags.member.2.Key=Team
// &Tags.member.2.Value=Engineering
// &Tags.member.3.Key=Cost-Center
// &Tags.member.3.Value=12345
// &TransitiveTagKeys.member.1=Project
// &TransitiveTagKeys.member.2=Cost-Center
// &ExternalId=123ABC
// &SourceIdentity=Alice
// &AUTHPARAMS

// The AssumeRole query parameters as name/value pairs, added in the order listed.
// Every value is the sample value from the request above (account 123456789012,
// role "demo", external ID 123ABC); replace them with your own.
//
// Policy and PolicyArns are session policies: the session's effective permissions are
// the intersection of the role's own policies and these, so they can only narrow
// what the role allows. The sample grants s3:* on every resource; scope it to the
// actions and resources the session actually needs.
// DurationSeconds sets how long the returned credentials stay valid; keep it as
// short as the workload allows.
NSArray *assumeRoleParams = @[
    @[@"Version", @"2011-06-15"],
    @[@"Action", @"AssumeRole"],
    @[@"DurationSeconds", @"3600"],
    @[@"RoleSessionName", @"testAR"],
    @[@"RoleArn", @"arn:aws:iam::123456789012:role/demo"],
    @[@"PolicyArns.member.1.arn", @"arn:aws:iam::123456789012:policy/demopolicy1"],
    @[@"PolicyArns.member.2.arn", @"arn:aws:iam::123456789012:policy/demopolicy2"],
    @[@"Policy", @"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}"],
    @[@"Tags.member.1.Key", @"Project"],
    @[@"Tags.member.1.Value", @"Pegasus"],
    @[@"Tags.member.2.Key", @"Team"],
    @[@"Tags.member.2.Value", @"Engineering"],
    @[@"Tags.member.3.Key", @"Cost-Center"],
    @[@"Tags.member.3.Value", @"12345"],
    @[@"TransitiveTagKeys.member.1", @"Project"],
    @[@"TransitiveTagKeys.member.2", @"Cost-Center"],
    @[@"ExternalId", @"123ABC"],
    @[@"SourceIdentity", @"Alice"],
];

for (NSArray *nameAndValue in assumeRoleParams) {
    NSString *paramName = nameAndValue[0];
    NSString *paramValue = nameAndValue[1];
    [rest AddQueryParam: paramName value: paramValue];
}

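// Send the signed GET request; the response body is returned as a string.
NSString *responseXml = [rest FullRequestNoBody: @"GET" uriPath: @"/"];
if (!rest.LastMethodSuccess) {
    // The request did not complete (as opposed to completing with an error status).
    // NOTE(review): confirm what LastErrorText includes before shipping this log line.
    NSLog(@"%@", rest.LastErrorText);
    return;
}

// A successful response will have a status code equal to 200.
int statusCode = [rest.ResponseStatusCode intValue];
if (statusCode != 200) {
    // Only the failure path logs the body. The 200 response carries the
    // credentials and must not be logged this way.
    NSLog(@"response status code = %d", statusCode);
    NSLog(@"response status text = %@", rest.ResponseStatusText);
    NSLog(@"response header: %@", rest.ResponseHeader);
    NSLog(@"response body: %@", responseXml);
    return;
}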

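// Load the successful XML response (its layout is shown in the sample below).
CkoXml *xml = [[CkoXml alloc] init];
if (![xml LoadXml: responseXml]) {
    // A 200 response that does not parse as XML cannot be used; stop here.
    NSLog(@"%@", xml.LastErrorText);
    return;
}

// The document contains SecretAccessKey and SessionToken, so the full XML is not
// written to the log, where other processes or log collectors could read it.
// Only a non-secret field is logged as confirmation.
NSLog(@"AssumeRole succeeded; credentials expire at %@", [xml GetChildContent: @"AssumeRoleResult|Credentials|Expiration"]);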

// Sample response:

// <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
//   <AssumeRoleResult>
//   <SourceIdentity>Alice</SourceIdentity>
//     <AssumedRoleUser>
//       <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
//       <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
//     </AssumedRoleUser>
//     <Credentials>
//       <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
//       <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
//       <SessionToken>
//        AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
//        LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
//        QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
//        9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
//        +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
//       </SessionToken>
//       <Expiration>2019-11-09T13:34:41Z</Expiration>
//     </Credentials>
//     <PackedPolicySize>6</PackedPolicySize>
//   </AssumeRoleResult>
//   <ResponseMetadata>
//     <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
//   </ResponseMetadata>
// </AssumeRoleResponse>

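// Sample parse code:
// Each path is relative to the root element of the loaded response; "|" separates
// nested child elements.

NSString *AssumeRoleResponse_xmlns = [xml GetAttrValue: @"xmlns"];
NSString *SourceIdentity = [xml GetChildContent: @"AssumeRoleResult|SourceIdentity"];
NSString *Arn = [xml GetChildContent: @"AssumeRoleResult|AssumedRoleUser|Arn"];
NSString *AssumedRoleId = [xml GetChildContent: @"AssumeRoleResult|AssumedRoleUser|AssumedRoleId"];
// AccessKeyId, SecretAccessKey and SessionToken together form the temporary
// credential. Treat all three as secrets: keep them out of logs and error reports.
NSString *AccessKeyId = [xml GetChildContent: @"AssumeRoleResult|Credentials|AccessKeyId"];
NSString *SecretAccessKey = [xml GetChildContent: @"AssumeRoleResult|Credentials|SecretAccessKey"];
NSString *SessionToken = [xml GetChildContent: @"AssumeRoleResult|Credentials|SessionToken"];
// The credentials stop working at this time; request a fresh set before then.
NSString *Expiration = [xml GetChildContent: @"AssumeRoleResult|Credentials|Expiration"];
int PackedPolicySize = [[xml GetChildIntValue: @"AssumeRoleResult|PackedPolicySize"] intValue];
NSString *RequestId = [xml GetChildContent: @"ResponseMetadata|RequestId"];

// Save the session token XML to a file for use by another Chilkat example..
// The file holds the credentials in plaintext and they remain usable until
// Expiration. Keep the directory readable by the owning user only, keep it out
// of source control and backups, and delete the file when it is no longer needed.
success = [xml SaveXml: @"qa_data/tokens/aws_session_token.xml"];
if (!success) {
    // Report the failure so a later step does not read a missing or stale token file.
    NSLog(@"%@", xml.LastErrorText);
    return;
}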