public string GetCallerIdentity() { if (_answer != null) { return(_answer); } if (Run) { var client = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(); var task = client.GetCallerIdentityAsync(new Amazon.SecurityToken.Model.GetCallerIdentityRequest()); if (task.IsFaulted) { Error(task.Exception.Flatten().Message); Error("You must have assumed a role first."); Run = false; return(string.Empty); } else { _answer = _serializer(task.Result); return(_answer); } } else { Error("Unable to run stsgetcalleridentity. Missing context and/or serializer."); return(string.Empty); } }
async static Task <List <SendDataPoint> > GetSesStatsForAccount(string Account) { string strRoleARN = "arn:aws:iam::" + Account + ":role/" + AssumedRoleName; Amazon.SecurityToken.AmazonSecurityTokenServiceClient stsClient = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(); var assumeRoleResponse = await stsClient.AssumeRoleAsync(new Amazon.SecurityToken.Model.AssumeRoleRequest { RoleArn = strRoleARN, RoleSessionName = "TempSession" }); SessionAWSCredentials sessionCredentials = new SessionAWSCredentials(assumeRoleResponse.Credentials.AccessKeyId, assumeRoleResponse.Credentials.SecretAccessKey, assumeRoleResponse.Credentials.SessionToken); var regions = new Amazon.RegionEndpoint[] { Amazon.RegionEndpoint.USEast1, Amazon.RegionEndpoint.USWest2, Amazon.RegionEndpoint.EUWest1 }; List <SendDataPoint> lst = new List <SendDataPoint>(); foreach (var region in regions) { Console.WriteLine($"Checking {region.ToString()} for account {Account}"); AmazonSimpleEmailServiceClient sesClient = new AmazonSimpleEmailServiceClient(sessionCredentials, region); var response = await sesClient.GetSendStatisticsAsync(); lst.AddRange(response.SendDataPoints); } return(lst); }
private void TestPreSignedUrlWithSessionToken(RegionEndpoint region, DateTime expires, bool useSigV4, bool expectSigV4Url) { using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient()) { AWSCredentials credentials = sts.GetSessionToken().Credentials; var client = new AmazonS3Client(credentials, region); var originalUseSigV4 = AWSConfigsS3.UseSignatureVersion4; AWSConfigsS3.UseSignatureVersion4 = true; string bucketName = null; try { AWSConfigsS3.UseSignatureVersion4 = true; bucketName = CreateBucketAndObject(client); AssertPreSignedUrl(client, bucketName, expires, expectSigV4Url); } finally { AWSConfigsS3.UseSignatureVersion4 = originalUseSigV4; if (bucketName != null) { DeleteBucket(client, bucketName); } } } }
public static AWSCredentials CreateTemporaryCredentials() { using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient()) { var creds = sts.GetSessionToken().Credentials; return(creds); } }
private void SetCreds() { if (creds == null || DateTime.Now >= mfaExpires || AWSConfigs.AWSProfileName != Profile_CBB.Text) { AWSConfigs.AWSProfileName = Profile_CBB.Text; creds = new StoredProfileAWSCredentials(Profile_CBB.Text); if (AssumeRole_CBB.Text != "none") { //Get selected role to assume ComboboxItem o = (ComboboxItem)AssumeRole_CBB.SelectedItem; //Create AssumeRole request Amazon.SecurityToken.Model.AssumeRoleRequest assumeRequest = new Amazon.SecurityToken.Model.AssumeRoleRequest(); assumeRequest.RoleArn = o.Role; assumeRequest.RoleSessionName = UserName + "@" + AppName; //Get MFA Device Amazon.IdentityManagement.AmazonIdentityManagementServiceClient imc = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(creds); Amazon.IdentityManagement.Model.ListMFADevicesRequest mfaRequest = new Amazon.IdentityManagement.Model.ListMFADevicesRequest(); Amazon.IdentityManagement.Model.ListMFADevicesResponse mfaResponse = imc.ListMFADevices(mfaRequest); if (mfaResponse != null) { if (mfaResponse.MFADevices.Count > 0) { assumeRequest.SerialNumber = mfaResponse.MFADevices[0].SerialNumber; } } //If MFA Device was not obtained if (assumeRequest.SerialNumber == string.Empty) { //Get mfa associated with selected profile if (MfaDevices.ContainsKey(Profile_CBB.Text)) { assumeRequest.SerialNumber = MfaDevices[Profile_CBB.Text]; } else { assumeRequest.SerialNumber = MfaDevices["default"]; } } //Get MFA code mfa m = new mfa(); m.ShowDialog(); assumeRequest.TokenCode = mfacode.Trim(); //MFA code Amazon.SecurityToken.AmazonSecurityTokenServiceClient secClient = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(); Amazon.SecurityToken.Model.AssumeRoleResponse assumeResponse = secClient.AssumeRole(assumeRequest); mfaExpires = assumeResponse.Credentials.Expiration; creds = assumeResponse.Credentials; } } }
public static Credentials AssumeRole(string RoleARN, RegionEndpoint region) { Amazon.SecurityToken.AmazonSecurityTokenServiceClient stsClient = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(region); var assumeResult = stsClient.AssumeRoleAsync(new Amazon.SecurityToken.Model.AssumeRoleRequest { RoleArn = RoleARN, RoleSessionName = Guid.NewGuid().ToString() }); var creds = assumeResult.Result.Credentials; return(creds); }
private static AmazonCognitoSyncClient CreateAuthenticatedClient(string poolId, string poolName, string identityId, out string roleName) { string token; using (var cibClient = new Amazon.CognitoIdentity.AmazonCognitoIdentityClient(new AnonymousAWSCredentials())) { var getOpenIdResult = cibClient.GetOpenIdToken(new Amazon.CognitoIdentity.Model.GetOpenIdTokenRequest { IdentityId = identityId, }); token = getOpenIdResult.Token; } AWSCredentials credentials = null; using (var stsClient = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials())) { string roleArn; PrepareRole("RolePolicy", out roleName, out roleArn); // Add retries to allow the roles and identity to propagate for (int retries = 0; retries < 5; retries++) { Thread.Sleep(1000 * retries); try { var assumeRoleResult = stsClient.AssumeRoleWithWebIdentity(new Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityRequest { WebIdentityToken = token, RoleArn = roleArn, RoleSessionName = "ProviderSession", }); credentials = assumeRoleResult.Credentials; break; } catch (Amazon.SecurityToken.AmazonSecurityTokenServiceException e) { if (!e.Message.Contains("Not authorized")) { throw; } } } } var authenticatedClient = new AmazonCognitoSyncClient(credentials); return(authenticatedClient); }
public void TestSessionCredentials() { using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient()) { AWSCredentials credentials = sts.GetSessionToken().Credentials; var originalEC2Signature = AWSConfigs.EC2Config.UseSignatureVersion4; var originalS3Signature = AWSConfigs.S3Config.UseSignatureVersion4; AWSConfigs.EC2Config.UseSignatureVersion4 = true; AWSConfigs.S3Config.UseSignatureVersion4 = true; try { using (var ec2 = new Amazon.EC2.AmazonEC2Client(credentials)) { var regions = ec2.DescribeRegions().Regions; Console.WriteLine(regions.Count); } using (var s3 = new Amazon.S3.AmazonS3Client(credentials)) { var buckets = s3.ListBuckets().Buckets; Console.WriteLine(buckets.Count); } using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials)) { var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest { RegistrationStatus = "REGISTERED" }).DomainInfos; Console.WriteLine(domains.Infos.Count); } using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials, new Amazon.SimpleWorkflow.AmazonSimpleWorkflowConfig { SignatureVersion = "4" })) { var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest { RegistrationStatus = "REGISTERED" }).DomainInfos; Console.WriteLine(domains.Infos.Count); } } finally { AWSConfigs.EC2Config.UseSignatureVersion4 = originalEC2Signature; AWSConfigs.S3Config.UseSignatureVersion4 = originalS3Signature; } } }
public void TestSessionCredentials() { using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient()) { AWSCredentials credentials = sts.GetSessionToken().Credentials; var originalEC2Signature = AWSConfigs.EC2Config.UseSignatureVersion4; var originalS3Signature = AWSConfigs.S3Config.UseSignatureVersion4; AWSConfigs.EC2Config.UseSignatureVersion4 = true; AWSConfigs.S3Config.UseSignatureVersion4 = true; try { using (var ec2 = new Amazon.EC2.AmazonEC2Client(credentials)) { var regions = ec2.DescribeRegions().Regions; Console.WriteLine(regions.Count); } using (var s3 = new Amazon.S3.AmazonS3Client(credentials)) { var buckets = s3.ListBuckets().Buckets; Console.WriteLine(buckets.Count); } using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials)) { var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest { RegistrationStatus = "REGISTERED" }).DomainInfos; Console.WriteLine(domains.Infos.Count); } using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials, new Amazon.SimpleWorkflow.AmazonSimpleWorkflowConfig { SignatureVersion = "4" })) { var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest { RegistrationStatus = "REGISTERED" }).DomainInfos; Console.WriteLine(domains.Infos.Count); } } finally { AWSConfigs.EC2Config.UseSignatureVersion4 = originalEC2Signature; AWSConfigs.S3Config.UseSignatureVersion4 = originalS3Signature; } } }
public string GetCallerIdentity() { if (_answer != null) { return(_answer); } if (Run) { var client = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(); var task = client.GetCallerIdentityAsync(new Amazon.SecurityToken.Model.GetCallerIdentityRequest()); _answer = _serializer(task.Result); return(_answer); } else { Error("Unable to get caller identity. Missing context and/or serializer."); return(string.Empty); } }