(Perl) AWS Security Token Service (STS) AssumeRole

See more AWS Security Token Service Examples

Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.

For more information, see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

Chilkat Perl Downloads Perl Module for Windows, MacOS, Linux, Alpine Linux, Solaris

use chilkat();

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

$rest = chilkat::CkRest->new();

# Connect to the Amazon AWS REST server.
# such as https://sts.us-west-2.amazonaws.com/
$bTls = 1;
$port = 443;
$bAutoReconnect = 1;
$success = $rest->Connect("sts.us-west-2.amazonaws.com",$port,$bTls,$bAutoReconnect);

# Provide AWS credentials for the REST call.
$authAws = chilkat::CkAuthAws->new();
$authAws->put_AccessKey("AWS_ACCESS_KEY");
$authAws->put_SecretKey("AWS_SECRET_KEY");
# the region should match our URL above..
# See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
$authAws->put_Region("us-west-2");
$authAws->put_ServiceName("sts");

$rest->SetAuthAws($authAws);

# Sample Request
# https://sts.amazonaws.com/
# ?Version=2011-06-15
# &Action=AssumeRole
# &RoleSessionName=testAR
# &RoleArn=arn:aws:iam::123456789012:role/demo
# &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
# &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
# &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
# "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
# &DurationSeconds=3600
# &Tags.member.1.Key=Project
# &Tags.member.1.Value=Pegasus
# &Tags.member.2.Key=Team
# &Tags.member.2.Value=Engineering
# &Tags.member.3.Key=Cost-Center
# &Tags.member.3.Value=12345
# &TransitiveTagKeys.member.1=Project
# &TransitiveTagKeys.member.2=Cost-Center
# &ExternalId=123ABC
# &SourceIdentity=Alice
# &AUTHPARAMS

$rest->AddQueryParam("Version","2011-06-15");
$rest->AddQueryParam("Action","AssumeRole");
$rest->AddQueryParam("DurationSeconds","3600");

$rest->AddQueryParam("RoleSessionName","testAR");
$rest->AddQueryParam("RoleArn","arn:aws:iam::123456789012:role/demo");
$rest->AddQueryParam("PolicyArns.member.1.arn","arn:aws:iam::123456789012:policy/demopolicy1");
$rest->AddQueryParam("PolicyArns.member.2.arn","arn:aws:iam::123456789012:policy/demopolicy2");
$rest->AddQueryParam("Policy","{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}");
$rest->AddQueryParam("Tags.member.1.Key","Project");
$rest->AddQueryParam("Tags.member.1.Value","Pegasus");
$rest->AddQueryParam("Tags.member.2.Key","Team");
$rest->AddQueryParam("Tags.member.2.Value","Engineering");
$rest->AddQueryParam("Tags.member.3.Key","Cost-Center");
$rest->AddQueryParam("Tags.member.3.Value","12345");
$rest->AddQueryParam("TransitiveTagKeys.member.1","Project");
$rest->AddQueryParam("TransitiveTagKeys.member.2","Cost-Center");
$rest->AddQueryParam("ExternalId","123ABC");
$rest->AddQueryParam("SourceIdentity","Alice");

$responseXml = $rest->fullRequestNoBody("GET","/");
if ($rest->get_LastMethodSuccess() != 1) {
    print $rest->lastErrorText() . "\r\n";
    exit;
}

# A successful response will have a status code equal to 200.
if ($rest->get_ResponseStatusCode() != 200) {
    print "response status code = " . $rest->get_ResponseStatusCode() . "\r\n";
    print "response status text = " . $rest->responseStatusText() . "\r\n";
    print "response header: " . $rest->responseHeader() . "\r\n";
    print "response body: " . $responseXml . "\r\n";
    exit;
}

# Examine the successful XML response (shown below)
$xml = chilkat::CkXml->new();
$xml->LoadXml($responseXml);
print $xml->getXml() . "\r\n";

# Sample response:

# <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
#   <AssumeRoleResult>
#   <SourceIdentity>Alice</SourceIdentity>
#     <AssumedRoleUser>
#       <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
#       <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
#     </AssumedRoleUser>
#     <Credentials>
#       <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
#       <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
#       <SessionToken>
#        AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
#        LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
#        QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
#        9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
#        +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
#       </SessionToken>
#       <Expiration>2019-11-09T13:34:41Z</Expiration>
#     </Credentials>
#     <PackedPolicySize>6</PackedPolicySize>
#   </AssumeRoleResult>
#   <ResponseMetadata>
#     <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
#   </ResponseMetadata>
# </AssumeRoleResponse>

# Sample parse code:

$AssumeRoleResponse_xmlns = $xml->getAttrValue("xmlns");
$SourceIdentity = $xml->getChildContent("AssumeRoleResult|SourceIdentity");
$Arn = $xml->getChildContent("AssumeRoleResult|AssumedRoleUser|Arn");
$AssumedRoleId = $xml->getChildContent("AssumeRoleResult|AssumedRoleUser|AssumedRoleId");
$AccessKeyId = $xml->getChildContent("AssumeRoleResult|Credentials|AccessKeyId");
$SecretAccessKey = $xml->getChildContent("AssumeRoleResult|Credentials|SecretAccessKey");
$SessionToken = $xml->getChildContent("AssumeRoleResult|Credentials|SessionToken");
$Expiration = $xml->getChildContent("AssumeRoleResult|Credentials|Expiration");
$PackedPolicySize = $xml->GetChildIntValue("AssumeRoleResult|PackedPolicySize");
$RequestId = $xml->getChildContent("ResponseMetadata|RequestId");

# Save the session token XML to a file for use by another Chilkat example..
$success = $xml->SaveXml("qa_data/tokens/aws_session_token.xml");