ark::aws::StsClient

Defined in header “ark/aws/sts_client.hh”.


A wrapper around the AWS Security Token Service Client APIs.

Methods

  • StsClient()
    Constructor. Prepares a new STS client.

  • StsClient(const core::Url & endpoint)
    Constructor. Initializes a new client against the given URL. This is typically used for testing only.

  • ~StsClient()
    Destructor, so we can free up the implementation.

  • AwsTemporaryCredentials assume_role(const std::string & role, const std::string & policy, const std::string & session_description, std::chrono::seconds duration)
    AssumeRole to get temporary credentials that will be valid for 12 hours. You can customize the session description, policy, and duration. For example, you can restrict the policy by passing in an AWS policy document, or shorten the lifetime of the received credentials by passing in a different duration.

  • AwsTemporaryCredentials assume_role_with_token(const std::string & role, const std::string & web_token, const std::string & policy, const std::string & session_description)
    AssumeRole to get temporary credentials that will be valid for 12 hours Note: the Role’s max duration must be >=12 hours.

  • AwsIdentity get_caller_identity()
    Returns details about the IAM user/role used in the credential to call this operation.