Unicode C
Unicode C
AWS Security Token Service (STS) AssumeRole
See more AWS Security Token Service Examples
Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.Chilkat Unicode C Downloads
#include <C_CkRestW.h>
#include <C_CkAuthAwsW.h>
#include <C_CkXmlW.h>
void ChilkatSample(void)
{
BOOL success;
HCkRestW rest;
BOOL bTls;
int port;
BOOL bAutoReconnect;
HCkAuthAwsW authAws;
const wchar_t *responseXml;
HCkXmlW xml;
const wchar_t *AssumeRoleResponse_xmlns;
const wchar_t *SourceIdentity;
const wchar_t *Arn;
const wchar_t *AssumedRoleId;
const wchar_t *AccessKeyId;
const wchar_t *SecretAccessKey;
const wchar_t *SessionToken;
const wchar_t *Expiration;
int PackedPolicySize;
const wchar_t *RequestId;
success = FALSE;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
rest = CkRestW_Create();
// Connect to the Amazon AWS REST server.
// such as https://sts.us-west-2.amazonaws.com/
bTls = TRUE;
port = 443;
bAutoReconnect = TRUE;
success = CkRestW_Connect(rest,L"sts.us-west-2.amazonaws.com",port,bTls,bAutoReconnect);
// Provide AWS credentials for the REST call.
authAws = CkAuthAwsW_Create();
CkAuthAwsW_putAccessKey(authAws,L"AWS_ACCESS_KEY");
CkAuthAwsW_putSecretKey(authAws,L"AWS_SECRET_KEY");
// the region should match our URL above..
// See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
CkAuthAwsW_putRegion(authAws,L"us-west-2");
CkAuthAwsW_putServiceName(authAws,L"sts");
CkRestW_SetAuthAws(rest,authAws);
// Sample Request
// https://sts.amazonaws.com/
// ?Version=2011-06-15
// &Action=AssumeRole
// &RoleSessionName=testAR
// &RoleArn=arn:aws:iam::123456789012:role/demo
// &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
// &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
// &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
// "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
// &DurationSeconds=3600
// &Tags.member.1.Key=Project
// &Tags.member.1.Value=Pegasus
// &Tags.member.2.Key=Team
// &Tags.member.2.Value=Engineering
// &Tags.member.3.Key=Cost-Center
// &Tags.member.3.Value=12345
// &TransitiveTagKeys.member.1=Project
// &TransitiveTagKeys.member.2=Cost-Center
// &ExternalId=123ABC
// &SourceIdentity=Alice
// &AUTHPARAMS
CkRestW_AddQueryParam(rest,L"Version",L"2011-06-15");
CkRestW_AddQueryParam(rest,L"Action",L"AssumeRole");
CkRestW_AddQueryParam(rest,L"DurationSeconds",L"3600");
CkRestW_AddQueryParam(rest,L"RoleSessionName",L"testAR");
CkRestW_AddQueryParam(rest,L"RoleArn",L"arn:aws:iam::123456789012:role/demo");
CkRestW_AddQueryParam(rest,L"PolicyArns.member.1.arn",L"arn:aws:iam::123456789012:policy/demopolicy1");
CkRestW_AddQueryParam(rest,L"PolicyArns.member.2.arn",L"arn:aws:iam::123456789012:policy/demopolicy2");
CkRestW_AddQueryParam(rest,L"Policy",L"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}");
CkRestW_AddQueryParam(rest,L"Tags.member.1.Key",L"Project");
CkRestW_AddQueryParam(rest,L"Tags.member.1.Value",L"Pegasus");
CkRestW_AddQueryParam(rest,L"Tags.member.2.Key",L"Team");
CkRestW_AddQueryParam(rest,L"Tags.member.2.Value",L"Engineering");
CkRestW_AddQueryParam(rest,L"Tags.member.3.Key",L"Cost-Center");
CkRestW_AddQueryParam(rest,L"Tags.member.3.Value",L"12345");
CkRestW_AddQueryParam(rest,L"TransitiveTagKeys.member.1",L"Project");
CkRestW_AddQueryParam(rest,L"TransitiveTagKeys.member.2",L"Cost-Center");
CkRestW_AddQueryParam(rest,L"ExternalId",L"123ABC");
CkRestW_AddQueryParam(rest,L"SourceIdentity",L"Alice");
responseXml = CkRestW_fullRequestNoBody(rest,L"GET",L"/");
if (CkRestW_getLastMethodSuccess(rest) != TRUE) {
wprintf(L"%s\n",CkRestW_lastErrorText(rest));
CkRestW_Dispose(rest);
CkAuthAwsW_Dispose(authAws);
return;
}
// A successful response will have a status code equal to 200.
if (CkRestW_getResponseStatusCode(rest) != 200) {
wprintf(L"response status code = %d\n",CkRestW_getResponseStatusCode(rest));
wprintf(L"response status text = %s\n",CkRestW_responseStatusText(rest));
wprintf(L"response header: %s\n",CkRestW_responseHeader(rest));
wprintf(L"response body: %s\n",responseXml);
CkRestW_Dispose(rest);
CkAuthAwsW_Dispose(authAws);
return;
}
// Examine the successful XML response (shown below)
xml = CkXmlW_Create();
CkXmlW_LoadXml(xml,responseXml);
wprintf(L"%s\n",CkXmlW_getXml(xml));
// Sample response:
// <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
// <AssumeRoleResult>
// <SourceIdentity>Alice</SourceIdentity>
// <AssumedRoleUser>
// <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
// <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
// </AssumedRoleUser>
// <Credentials>
// <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
// <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
// <SessionToken>
// AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
// LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
// QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
// 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
// +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
// </SessionToken>
// <Expiration>2019-11-09T13:34:41Z</Expiration>
// </Credentials>
// <PackedPolicySize>6</PackedPolicySize>
// </AssumeRoleResult>
// <ResponseMetadata>
// <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
// </ResponseMetadata>
// </AssumeRoleResponse>
// Sample parse code:
AssumeRoleResponse_xmlns = CkXmlW_getAttrValue(xml,L"xmlns");
SourceIdentity = CkXmlW_getChildContent(xml,L"AssumeRoleResult|SourceIdentity");
Arn = CkXmlW_getChildContent(xml,L"AssumeRoleResult|AssumedRoleUser|Arn");
AssumedRoleId = CkXmlW_getChildContent(xml,L"AssumeRoleResult|AssumedRoleUser|AssumedRoleId");
AccessKeyId = CkXmlW_getChildContent(xml,L"AssumeRoleResult|Credentials|AccessKeyId");
SecretAccessKey = CkXmlW_getChildContent(xml,L"AssumeRoleResult|Credentials|SecretAccessKey");
SessionToken = CkXmlW_getChildContent(xml,L"AssumeRoleResult|Credentials|SessionToken");
Expiration = CkXmlW_getChildContent(xml,L"AssumeRoleResult|Credentials|Expiration");
PackedPolicySize = CkXmlW_GetChildIntValue(xml,L"AssumeRoleResult|PackedPolicySize");
RequestId = CkXmlW_getChildContent(xml,L"ResponseMetadata|RequestId");
// Save the session token XML to a file for use by another Chilkat example..
success = CkXmlW_SaveXml(xml,L"qa_data/tokens/aws_session_token.xml");
CkRestW_Dispose(rest);
CkAuthAwsW_Dispose(authAws);
CkXmlW_Dispose(xml);
}