get_session_token {aws.iam} | R Documentation |
Temporary Session Tokens
Description
Get a temporary credentials (i.e., a Session Token)
Usage
get_session_token(duration = 900, id, code, tags, use = FALSE, ...)
get_federation_token(duration = 900, name, policy, use = FALSE, ...)
get_caller_identity(...)
assume_role(
role,
session,
duration,
id,
code,
externalid,
policy,
tags,
transitive.tags,
use = FALSE,
...
)
Arguments
duration |
numeric, optional, duration for which the credentials should be valid, in seconds, between 900 and 129600. If not set, the back-end can decided. |
id |
string, optional, the serial number or Amazon Resource Number for a multi-factor authentication (MFA) device. |
code |
If |
tags |
named character vector or named list of scalars, optional, if specified then the supplied key/value pairs (names are keys) are passed as session tags. |
use |
logical (default |
... |
Additional arguments passed to |
name |
The name of the federated user. |
policy |
A character string specifying a JSON-formatted role
policy. For |
role |
string, role ARN or an object of class “iam_role”. |
session |
string, name of the temporary session, can be arbitrary and is mainly used to disambiguate multiple sessions using the same role. |
externalid |
A unique identifier that is used by third parties when assuming roles in their customers' accounts. |
transitive.tags |
character vector, optional, specifies names of the session tags which will be passed to subsequent sessions in the role chain. |
Details
get_caller_identity
returns the account ID and ARN
for the currently credentialled user. This can be used to
confirm that an assumed role has indeed been assumed.
get_session_token
and get_federation_token
generate and return temporary credentials.
Details about the underlying behavior of the various API endpoints can be found at Requesting Temporary Security Credentials.
Value
A list.
References
API Reference: GetCallerIdentity API Reference: GetSessionToken API Reference: GetFederationToken API Reference: AssumeRole API Reference: AssumeRoleWithSAML API Reference: AssumeRoleWithWebIdentity
Examples
## Not run:
get_caller_identity() # check current identity
x <- get_session_token() # get token (T1) but do not use
set_credentials(x) # now use those credentials
x <- get_session_token(use = TRUE) # get and use another temp token (T2)
get_caller_identity() # check that token is in use
# assume a role
r <- assume_role("arn:aws:iam::111111111111:role/my-role", "test", use=TRUE)
get_caller_identity() # check that the role has been assumed
restore_credentials() # return to credentials of T2
restore_credentials() # return to credentials of T1
restore_credentials() # return to root credentials
get_caller_identity() # check identity, again
## End(Not run)