PowerBuilder
PowerBuilder
AWS Security Token Service (STS) AssumeRole
See more AWS Security Token Service Examples
Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.Chilkat PowerBuilder Downloads
integer li_rc
integer li_Success
oleobject loo_Rest
integer li_BTls
integer li_Port
integer li_BAutoReconnect
oleobject loo_AuthAws
string ls_ResponseXml
oleobject loo_Xml
string ls_AssumeRoleResponse_xmlns
string ls_SourceIdentity
string ls_Arn
string ls_AssumedRoleId
string ls_AccessKeyId
string ls_SecretAccessKey
string ls_SessionToken
string ls_Expiration
integer li_PackedPolicySize
string ls_RequestId
li_Success = 0
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
loo_Rest = create oleobject
li_rc = loo_Rest.ConnectToNewObject("Chilkat.Rest")
if li_rc < 0 then
destroy loo_Rest
MessageBox("Error","Connecting to COM object failed")
return
end if
// Connect to the Amazon AWS REST server.
// such as https://sts.us-west-2.amazonaws.com/
li_BTls = 1
li_Port = 443
li_BAutoReconnect = 1
li_Success = loo_Rest.Connect("sts.us-west-2.amazonaws.com",li_Port,li_BTls,li_BAutoReconnect)
// Provide AWS credentials for the REST call.
loo_AuthAws = create oleobject
li_rc = loo_AuthAws.ConnectToNewObject("Chilkat.AuthAws")
loo_AuthAws.AccessKey = "AWS_ACCESS_KEY"
loo_AuthAws.SecretKey = "AWS_SECRET_KEY"
// the region should match our URL above..
// See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
loo_AuthAws.Region = "us-west-2"
loo_AuthAws.ServiceName = "sts"
loo_Rest.SetAuthAws(loo_AuthAws)
// Sample Request
// https://sts.amazonaws.com/
// ?Version=2011-06-15
// &Action=AssumeRole
// &RoleSessionName=testAR
// &RoleArn=arn:aws:iam::123456789012:role/demo
// &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
// &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
// &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
// "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
// &DurationSeconds=3600
// &Tags.member.1.Key=Project
// &Tags.member.1.Value=Pegasus
// &Tags.member.2.Key=Team
// &Tags.member.2.Value=Engineering
// &Tags.member.3.Key=Cost-Center
// &Tags.member.3.Value=12345
// &TransitiveTagKeys.member.1=Project
// &TransitiveTagKeys.member.2=Cost-Center
// &ExternalId=123ABC
// &SourceIdentity=Alice
// &AUTHPARAMS
loo_Rest.AddQueryParam("Version","2011-06-15")
loo_Rest.AddQueryParam("Action","AssumeRole")
loo_Rest.AddQueryParam("DurationSeconds","3600")
loo_Rest.AddQueryParam("RoleSessionName","testAR")
loo_Rest.AddQueryParam("RoleArn","arn:aws:iam::123456789012:role/demo")
loo_Rest.AddQueryParam("PolicyArns.member.1.arn","arn:aws:iam::123456789012:policy/demopolicy1")
loo_Rest.AddQueryParam("PolicyArns.member.2.arn","arn:aws:iam::123456789012:policy/demopolicy2")
loo_Rest.AddQueryParam("Policy","{~"Version~":~"2012-10-17~",~"Statement~":[{~"Sid~":~"Stmt1~",~"Effect~":~"Allow~",~"Action~":~"s3:*~",~"Resource~":~"*~"}]}")
loo_Rest.AddQueryParam("Tags.member.1.Key","Project")
loo_Rest.AddQueryParam("Tags.member.1.Value","Pegasus")
loo_Rest.AddQueryParam("Tags.member.2.Key","Team")
loo_Rest.AddQueryParam("Tags.member.2.Value","Engineering")
loo_Rest.AddQueryParam("Tags.member.3.Key","Cost-Center")
loo_Rest.AddQueryParam("Tags.member.3.Value","12345")
loo_Rest.AddQueryParam("TransitiveTagKeys.member.1","Project")
loo_Rest.AddQueryParam("TransitiveTagKeys.member.2","Cost-Center")
loo_Rest.AddQueryParam("ExternalId","123ABC")
loo_Rest.AddQueryParam("SourceIdentity","Alice")
ls_ResponseXml = loo_Rest.FullRequestNoBody("GET","/")
if loo_Rest.LastMethodSuccess <> 1 then
Write-Debug loo_Rest.LastErrorText
destroy loo_Rest
destroy loo_AuthAws
return
end if
// A successful response will have a status code equal to 200.
if loo_Rest.ResponseStatusCode <> 200 then
Write-Debug "response status code = " + string(loo_Rest.ResponseStatusCode)
Write-Debug "response status text = " + loo_Rest.ResponseStatusText
Write-Debug "response header: " + loo_Rest.ResponseHeader
Write-Debug "response body: " + ls_ResponseXml
destroy loo_Rest
destroy loo_AuthAws
return
end if
// Examine the successful XML response (shown below)
loo_Xml = create oleobject
li_rc = loo_Xml.ConnectToNewObject("Chilkat.Xml")
loo_Xml.LoadXml(ls_ResponseXml)
Write-Debug loo_Xml.GetXml()
// Sample response:
// <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
// <AssumeRoleResult>
// <SourceIdentity>Alice</SourceIdentity>
// <AssumedRoleUser>
// <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
// <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
// </AssumedRoleUser>
// <Credentials>
// <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
// <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
// <SessionToken>
// AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
// LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
// QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
// 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
// +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
// </SessionToken>
// <Expiration>2019-11-09T13:34:41Z</Expiration>
// </Credentials>
// <PackedPolicySize>6</PackedPolicySize>
// </AssumeRoleResult>
// <ResponseMetadata>
// <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
// </ResponseMetadata>
// </AssumeRoleResponse>
// Sample parse code:
ls_AssumeRoleResponse_xmlns = loo_Xml.GetAttrValue("xmlns")
ls_SourceIdentity = loo_Xml.GetChildContent("AssumeRoleResult|SourceIdentity")
ls_Arn = loo_Xml.GetChildContent("AssumeRoleResult|AssumedRoleUser|Arn")
ls_AssumedRoleId = loo_Xml.GetChildContent("AssumeRoleResult|AssumedRoleUser|AssumedRoleId")
ls_AccessKeyId = loo_Xml.GetChildContent("AssumeRoleResult|Credentials|AccessKeyId")
ls_SecretAccessKey = loo_Xml.GetChildContent("AssumeRoleResult|Credentials|SecretAccessKey")
ls_SessionToken = loo_Xml.GetChildContent("AssumeRoleResult|Credentials|SessionToken")
ls_Expiration = loo_Xml.GetChildContent("AssumeRoleResult|Credentials|Expiration")
li_PackedPolicySize = loo_Xml.GetChildIntValue("AssumeRoleResult|PackedPolicySize")
ls_RequestId = loo_Xml.GetChildContent("ResponseMetadata|RequestId")
// Save the session token XML to a file for use by another Chilkat example..
li_Success = loo_Xml.SaveXml("qa_data/tokens/aws_session_token.xml")
destroy loo_Rest
destroy loo_AuthAws
destroy loo_Xml