public static Credentials GetTemporaryCredentials(string policy)
{
var config = new AmazonSecurityTokenServiceConfig
{
RegionEndpoint = RegionEndpoint.APSoutheast2
};
var client = new AmazonSecurityTokenServiceClient(config);
var iamClient = new AmazonIdentityManagementServiceClient(
RegionEndpoint.APSoutheast2);
var iamRoleName = EC2InstanceMetadata.GetData("/iam/security-credentials");
var role = iamClient.GetRole(
new GetRoleRequest()
{
RoleName = iamRoleName
});
var assumeRoleRequest = new AssumeRoleRequest()
{
RoleArn = role.Role.Arn,
RoleSessionName = Guid.NewGuid().ToString().Replace("-", ""),
DurationSeconds = 900
};
if (!string.IsNullOrEmpty(policy))
{
assumeRoleRequest.Policy = policy;
}
var assumeRoleResponse =
client.AssumeRole(assumeRoleRequest);
var credentials = assumeRoleResponse.Credentials;
return(credentials);
}
private static void Ec2IamTest()
{
var iamRoleName = EC2InstanceMetadata.GetData("/iam/security-credentials");
var iamRole = EC2InstanceMetadata.GetData($"/iam/security-credentials/{iamRoleName}");
var iamCredentials = JsonConvert.DeserializeObject <IamRoleCredentials>(iamRole);
Console.WriteLine(iamCredentials.AccessKeyId);
Console.WriteLine(iamCredentials.Token);
var request = new AwsApiGatewayRequest()
{
RegionName = "ap-southeast-2",
Host = apiEndpoint,
AccessKey = iamCredentials.AccessKeyId,
SecretKey = iamCredentials.SecretAccessKey,
AbsolutePath = apiEndpointStaging,
JsonData = "245",
SessionToken = iamCredentials.Token,
RequestMethod = HttpMethod.Post
};
var apiRequest = new ApiRequest(request);
var response = apiRequest.GetResponse();
Console.WriteLine(response.ContentLength);
}
private IamRoleCredentials GetEc2Credential()
{
var iamRoleName = EC2InstanceMetadata.GetData("/iam/security-credentials");
var iamRole = EC2InstanceMetadata.GetData($"/iam/security-credentials/{iamRoleName}");
var iamCredentials = JsonConvert.DeserializeObject <IamRoleCredentials>(iamRole);
return(iamCredentials);
}
private bool IsRunningOnEc2()
{
bool isOnEc2 = false;
try
{
var iamRoleName = EC2InstanceMetadata.GetData("/iam/security-credentials");
isOnEc2 = !string.IsNullOrEmpty(iamRoleName);
}
catch (Exception)
{
}
return(isOnEc2);
}
void MetadataFromPath()
{
foreach (var p in Path)
{
try
{
var output = EC2InstanceMetadata.GetData(p);
WriteObject(output, true);
}
catch (Exception e)
{
WriteError(new ErrorRecord(e, "PathNotFound", ErrorCategory.InvalidArgument, p));
}
}
}
public static string EvaluateAWSVariable(string variable)
{
if (!variable.StartsWith("{") || !variable.EndsWith("}"))
{
//Variable already evaluated
return(variable);
}
(string prefix, string variableNoPrefix) = Utility.SplitPrefix(variable.Substring(1, variable.Length - 2), ':');
switch (variableNoPrefix.ToLower())
{
case "instance_id":
return(EC2InstanceMetadata.InstanceId);
case "hostname":
return(EC2InstanceMetadata.Hostname);
default:
if ("ec2".Equals(prefix, StringComparison.CurrentCultureIgnoreCase))
{
if (!variableNoPrefix.StartsWith("/"))
{
variableNoPrefix = "/" + variableNoPrefix;
}
return(EC2InstanceMetadata.GetData(variableNoPrefix));
}
else if ("ec2tag".Equals(prefix, StringComparison.CurrentCultureIgnoreCase))
{
return(EC2Utility.GetTagValue(variableNoPrefix));
}
else
{
return(variable);
}
}
}
