PureBasic

AWS Security Token Service (STS) AssumeRole


Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.


PureBasic
IncludeFile "CkXml.pb"
IncludeFile "CkAuthAws.pb"
IncludeFile "CkRest.pb"

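; Calls the AWS STS AssumeRole action over a SigV4-signed REST request, parses the
; XML response into its fields, and saves the response XML to a file.
;
; Every exit path disposes the Chilkat objects created so far, and each call that
; can fail (connect, request, XML load, file save) is checked before continuing.
Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    rest.i = CkRest::ckCreate()
    If rest.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Connect to the Amazon AWS REST server.
    ; such as https://sts.us-west-2.amazonaws.com/
    ; TLS stays enabled: the response to this call carries secret credentials.
    bTls.i = 1
    port.i = 443
    bAutoReconnect.i = 1
    success = CkRest::ckConnect(rest,"sts.us-west-2.amazonaws.com",port,bTls,bAutoReconnect)
    If success <> 1
        ; Stop here rather than sending a request on a connection that was never made.
        Debug CkRest::ckLastErrorText(rest)
        CkRest::ckDispose(rest)
        ProcedureReturn
    EndIf

    ; Provide AWS credentials for the REST call.
    authAws.i = CkAuthAws::ckCreate()
    If authAws.i = 0
        Debug "Failed to create object."
        CkRest::ckDispose(rest)
        ProcedureReturn
    EndIf

    ; "AWS_ACCESS_KEY" / "AWS_SECRET_KEY" are placeholders. Supply the real values at
    ; run time (environment, OS credential store, secrets manager) instead of
    ; committing long-term keys in source.
    CkAuthAws::setCkAccessKey(authAws, "AWS_ACCESS_KEY")
    CkAuthAws::setCkSecretKey(authAws, "AWS_SECRET_KEY")
    ; the region should match our URL above..
    ; See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
    CkAuthAws::setCkRegion(authAws, "us-west-2")
    CkAuthAws::setCkServiceName(authAws, "sts")

    CkRest::ckSetAuthAws(rest,authAws)

    ; Sample Request
    ; https://sts.amazonaws.com/
    ; ?Version=2011-06-15
    ; &Action=AssumeRole
    ; &RoleSessionName=testAR
    ; &RoleArn=arn:aws:iam::123456789012:role/demo
    ; &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
    ; &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
    ; &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
    ; "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
    ; &DurationSeconds=3600
    ; &Tags.member.1.Key=Project
    ; &Tags.member.1.Value=Pegasus
    ; &Tags.member.2.Key=Team
    ; &Tags.member.2.Value=Engineering
    ; &Tags.member.3.Key=Cost-Center
    ; &Tags.member.3.Value=12345
    ; &TransitiveTagKeys.member.1=Project
    ; &TransitiveTagKeys.member.2=Cost-Center
    ; &ExternalId=123ABC
    ; &SourceIdentity=Alice
    ; &AUTHPARAMS

    CkRest::ckAddQueryParam(rest,"Version","2011-06-15")
    CkRest::ckAddQueryParam(rest,"Action","AssumeRole")
    CkRest::ckAddQueryParam(rest,"DurationSeconds","3600")

    ; RoleSessionName becomes part of the assumed-role ARN returned in the response.
    CkRest::ckAddQueryParam(rest,"RoleSessionName","testAR")
    CkRest::ckAddQueryParam(rest,"RoleArn","arn:aws:iam::123456789012:role/demo")
    CkRest::ckAddQueryParam(rest,"PolicyArns.member.1.arn","arn:aws:iam::123456789012:policy/demopolicy1")
    CkRest::ckAddQueryParam(rest,"PolicyArns.member.2.arn","arn:aws:iam::123456789012:policy/demopolicy2")
    ; Inline session policy. A session policy can only narrow what the role already
    ; allows, so "s3:*" on "*" narrows very little; list the specific actions and
    ; resources the session needs when adapting this sample.
    CkRest::ckAddQueryParam(rest,"Policy","{" + Chr(34) + "Version" + Chr(34) + ":" + Chr(34) + "2012-10-17" + Chr(34) + "," + Chr(34) + "Statement" + Chr(34) + ":[{" + Chr(34) + "Sid" + Chr(34) + ":" + Chr(34) + "Stmt1" + Chr(34) + "," + Chr(34) + "Effect" + Chr(34) + ":" + Chr(34) + "Allow" + Chr(34) + "," + Chr(34) + "Action" + Chr(34) + ":" + Chr(34) + "s3:*" + Chr(34) + "," + Chr(34) + "Resource" + Chr(34) + ":" + Chr(34) + "*" + Chr(34) + "}]}")
    CkRest::ckAddQueryParam(rest,"Tags.member.1.Key","Project")
    CkRest::ckAddQueryParam(rest,"Tags.member.1.Value","Pegasus")
    CkRest::ckAddQueryParam(rest,"Tags.member.2.Key","Team")
    CkRest::ckAddQueryParam(rest,"Tags.member.2.Value","Engineering")
    CkRest::ckAddQueryParam(rest,"Tags.member.3.Key","Cost-Center")
    CkRest::ckAddQueryParam(rest,"Tags.member.3.Value","12345")
    CkRest::ckAddQueryParam(rest,"TransitiveTagKeys.member.1","Project")
    CkRest::ckAddQueryParam(rest,"TransitiveTagKeys.member.2","Cost-Center")
    ; ExternalId only matters when the role's trust policy requires it (third-party
    ; cross-account access); "123ABC" is the sample value.
    CkRest::ckAddQueryParam(rest,"ExternalId","123ABC")
    CkRest::ckAddQueryParam(rest,"SourceIdentity","Alice")

    responseXml.s = CkRest::ckFullRequestNoBody(rest,"GET","/")
    If CkRest::ckLastMethodSuccess(rest) <> 1
        Debug CkRest::ckLastErrorText(rest)
        CkRest::ckDispose(rest)
        CkAuthAws::ckDispose(authAws)
        ProcedureReturn
    EndIf

    ; A successful response will have a status code equal to 200.
    If CkRest::ckResponseStatusCode(rest) <> 200
        Debug "response status code = " + Str(CkRest::ckResponseStatusCode(rest))
        Debug "response status text = " + CkRest::ckResponseStatusText(rest)
        Debug "response header: " + CkRest::ckResponseHeader(rest)
        Debug "response body: " + responseXml
        CkRest::ckDispose(rest)
        CkAuthAws::ckDispose(authAws)
        ProcedureReturn
    EndIf

    ; Examine the successful XML response (shown below)
    xml.i = CkXml::ckCreate()
    If xml.i = 0
        Debug "Failed to create object."
        CkRest::ckDispose(rest)
        CkAuthAws::ckDispose(authAws)
        ProcedureReturn
    EndIf

    success = CkXml::ckLoadXml(xml,responseXml)
    If success <> 1
        ; Do not parse or save a response that failed to load as XML.
        Debug CkXml::ckLastErrorText(xml)
        CkRest::ckDispose(rest)
        CkAuthAws::ckDispose(authAws)
        CkXml::ckDispose(xml)
        ProcedureReturn
    EndIf

    ; NOTE: this output includes the SecretAccessKey and SessionToken. Keep it for
    ; local debugging only; do not send it to shared or persistent logs.
    Debug CkXml::ckGetXml(xml)

    ; Sample response:

    ; <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
    ;   <AssumeRoleResult>
    ;   <SourceIdentity>Alice</SourceIdentity>
    ;     <AssumedRoleUser>
    ;       <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
    ;       <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
    ;     </AssumedRoleUser>
    ;     <Credentials>
    ;       <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
    ;       <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
    ;       <SessionToken>
    ;        AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
    ;        LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
    ;        QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
    ;        9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
    ;        +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
    ;       </SessionToken>
    ;       <Expiration>2019-11-09T13:34:41Z</Expiration>
    ;     </Credentials>
    ;     <PackedPolicySize>6</PackedPolicySize>
    ;   </AssumeRoleResult>
    ;   <ResponseMetadata>
    ;     <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
    ;   </ResponseMetadata>
    ; </AssumeRoleResponse>

    ; Sample parse code:

    AssumeRoleResponse_xmlns.s = CkXml::ckGetAttrValue(xml,"xmlns")
    SourceIdentity.s = CkXml::ckGetChildContent(xml,"AssumeRoleResult|SourceIdentity")
    Arn.s = CkXml::ckGetChildContent(xml,"AssumeRoleResult|AssumedRoleUser|Arn")
    AssumedRoleId.s = CkXml::ckGetChildContent(xml,"AssumeRoleResult|AssumedRoleUser|AssumedRoleId")
    AccessKeyId.s = CkXml::ckGetChildContent(xml,"AssumeRoleResult|Credentials|AccessKeyId")
    SecretAccessKey.s = CkXml::ckGetChildContent(xml,"AssumeRoleResult|Credentials|SecretAccessKey")
    SessionToken.s = CkXml::ckGetChildContent(xml,"AssumeRoleResult|Credentials|SessionToken")
    Expiration.s = CkXml::ckGetChildContent(xml,"AssumeRoleResult|Credentials|Expiration")
    PackedPolicySize.i = CkXml::ckGetChildIntValue(xml,"AssumeRoleResult|PackedPolicySize")
    RequestId.s = CkXml::ckGetChildContent(xml,"ResponseMetadata|RequestId")

    ; Save the session token XML to a file for use by another Chilkat example..
    ; The file holds usable credentials until the Expiration time: keep it out of
    ; version control, readable only by the account running this code, and delete
    ; it once it is no longer needed.
    success = CkXml::ckSaveXml(xml,"qa_data/tokens/aws_session_token.xml")
    If success <> 1
        Debug CkXml::ckLastErrorText(xml)
    EndIf

    CkRest::ckDispose(rest)
    CkAuthAws::ckDispose(authAws)
    CkXml::ckDispose(xml)


    ProcedureReturn
EndProcedure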