get_session_token {aws.iam}R Documentation

Temporary Session Tokens

Description

Get a temporary credentials (i.e., a Session Token)

Usage

get_session_token(duration = 900, id, code, tags, use = FALSE, ...)

get_federation_token(duration = 900, name, policy, use = FALSE, ...)

get_caller_identity(...)

assume_role(
  role,
  session,
  duration,
  id,
  code,
  externalid,
  policy,
  tags,
  transitive.tags,
  use = FALSE,
  ...
)

Arguments

duration

numeric, optional, duration for which the credentials should be valid, in seconds, between 900 and 129600. If not set, the back-end can decided.

id

string, optional, the serial number or Amazon Resource Number for a multi-factor authentication (MFA) device.

code

If id is specified, the value provided by the MFA device.

tags

named character vector or named list of scalars, optional, if specified then the supplied key/value pairs (names are keys) are passed as session tags.

use

logical (default FALSE), specifying whether to use these credentials for subsequent requests. If TRUE, any currently used credentials are stored in a package environment (see save_credentials) and the requested tokens overwrite them in the relevant environment variables. restore_credentials() can then be used to restore environment variables based on those from the saved environment and delete_saved_credentials() deletes the credentials without restoring them.

...

Additional arguments passed to stsHTTP.

name

The name of the federated user.

policy

A character string specifying a JSON-formatted role policy. For assume_role, if role is an object of class “iam_role”, this will be inferred automatically.

role

string, role ARN or an object of class “iam_role”.

session

string, name of the temporary session, can be arbitrary and is mainly used to disambiguate multiple sessions using the same role.

externalid

A unique identifier that is used by third parties when assuming roles in their customers' accounts.

transitive.tags

character vector, optional, specifies names of the session tags which will be passed to subsequent sessions in the role chain.

Details

get_caller_identity returns the account ID and ARN for the currently credentialled user. This can be used to confirm that an assumed role has indeed been assumed.

get_session_token and get_federation_token generate and return temporary credentials.

Details about the underlying behavior of the various API endpoints can be found at Requesting Temporary Security Credentials.

Value

A list.

References

API Reference: GetCallerIdentity API Reference: GetSessionToken API Reference: GetFederationToken API Reference: AssumeRole API Reference: AssumeRoleWithSAML API Reference: AssumeRoleWithWebIdentity

Examples

## Not run: 
get_caller_identity() # check current identity

x <- get_session_token() # get token (T1) but do not use
set_credentials(x)       # now use those credentials

x <- get_session_token(use = TRUE) # get and use another temp token (T2)
get_caller_identity() # check that token is in use

# assume a role
r <- assume_role("arn:aws:iam::111111111111:role/my-role", "test", use=TRUE)
get_caller_identity() # check that the role has been assumed

restore_credentials() # return to credentials of T2
restore_credentials() # return to credentials of T1
restore_credentials() # return to root credentials
get_caller_identity() # check identity, again

## End(Not run)

[Package aws.iam version 0.1.8 Index]