Ejemplo n.º 1
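 /// <summary>
 /// Initializes a role record from an <see cref="AssumedRoleUser"/>: copies the ARN and
 /// assumed-role id, fixes the path to "/", and derives the role name from the ARN.
 /// </summary>
 /// <param name="assumedRoleUser">Assumed-role identity whose Arn and AssumedRoleId are copied.</param>
 /// <exception cref="ArgumentNullException"><paramref name="assumedRoleUser"/> is null.</exception>
 /// <exception cref="ArgumentException">The ARN is missing or has no '/'-separated role name.</exception>
 public AssumedRole(AssumedRoleUser assumedRoleUser)
 {
     if (assumedRoleUser == null)
     {
         throw new ArgumentNullException(nameof(assumedRoleUser));
     }

     // The role name is read as the second '/'-separated segment of the ARN
     // (presumably "...:assumed-role/<role-name>/<session-name>" — confirm against callers).
     // Validate the shape up front so a malformed ARN is reported as a bad argument
     // instead of surfacing as an IndexOutOfRangeException or NullReferenceException.
     string arn = assumedRoleUser.Arn;
     string[] segments = string.IsNullOrEmpty(arn) ? new string[0] : arn.Split('/');
     if (segments.Length < 2 || segments[1].Length == 0)
     {
         throw new ArgumentException("The assumed-role ARN does not contain a role name segment.", nameof(assumedRoleUser));
     }

     this.Path       = "/";
     this.Arn        = arn;
     // NOTE(review): this is local wall-clock time at construction, not a timestamp from the service.
     // DateTime.UtcNow would avoid time-zone ambiguity if the value is compared or logged — confirm with callers.
     this.CreateDate = DateTime.Now;
     this.RoleId     = assumedRoleUser.AssumedRoleId;
     this.RoleName   = segments[1];
 }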
Ejemplo n.º 2
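        /// <summary>
        /// Sample: calls AssumeRole with an external ID and an inline session policy,
        /// then reads the assumed-role identity, temporary credentials and packed policy size
        /// from the response.
        /// </summary>
        public void SecurityTokenServiceAssumeRole()
        {
            #region to-assume-a-role-1480532402212

            var response = client.AssumeRole(new AssumeRoleRequest
            {
                // Lifetime of the temporary credentials, in seconds (one hour here).
                DurationSeconds = 3600,
                // Placeholder value. The external ID is matched against the sts:ExternalId
                // condition in the role's trust policy (confused-deputy mitigation for
                // cross-account access); use the value agreed with the role owner.
                ExternalId      = "123ABC",
                // Session policy: the session's effective permissions are the intersection of
                // this document and the role's own policies, so it can only narrow access.
                // "s3:*" on "*" narrows very little; list the specific actions and resources
                // the session needs.
                Policy          = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}",
                RoleArn         = "arn:aws:iam::123456789012:role/demo",
                RoleSessionName = "Bob"
            });

            AssumedRoleUser assumedRoleUser  = response.AssumedRoleUser;
            // Temporary access key, secret key and session token: treat as secrets and keep
            // them out of logs and persisted state.
            Credentials     credentials      = response.Credentials;
            // 'integer' is not a C# type; the other samples on this page declare this value as int.
            int             packedPolicySize = response.PackedPolicySize;

            #endregion
        }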
Ejemplo n.º 3
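        /// <summary>
        /// Checks that AssumeRoleAsync on a mocked STS client returns the stubbed role ARN
        /// and an OK HTTP status.
        /// </summary>
        /// <remarks>
        /// The mock answers every request with a canned response, so this test covers only the
        /// call shape. It says nothing about whether the role's trust policy would allow the call.
        /// </remarks>
        public async Task AssumeRoleAsyncTest()
        {
            // Create the mock client object.
            var mockClient = new Mock<AmazonSecurityTokenServiceClient>(REGION);

            // The lambda parameter is named stsClient so it does not shadow the local
            // 'client' declared further down in this method.
            mockClient.Setup(stsClient => stsClient.AssumeRoleAsync(
                                 It.IsAny<AssumeRoleRequest>(),
                                 It.IsAny<CancellationToken>()))
            .Returns((AssumeRoleRequest r,
                      CancellationToken token) =>
            {
                var roleUser = new AssumedRoleUser()
                {
                    Arn = roleArnToAssume,
                };

                return Task.FromResult(new AssumeRoleResponse()
                {
                    AssumedRoleUser = roleUser,
                    HttpStatusCode = HttpStatusCode.OK,
                });
            });

            var client = mockClient.Object;

            var assumeRoleReq = new AssumeRoleRequest()
            {
                DurationSeconds = 1600,
                RoleSessionName = "Session1",
                RoleArn         = roleArnToAssume
            };

            var response = await client.AssumeRoleAsync(assumeRoleReq);

            // The message argument is what the test runner prints when the assertion FAILS,
            // so it has to describe the failure, not the success.
            Assert.True(response.AssumedRoleUser.Arn == roleArnToAssume, "AssumeRoleAsync did not return the expected role ARN.");

            bool ok = response.HttpStatusCode == HttpStatusCode.OK;

            Assert.True(ok, "AssumeRoleAsync did not return HTTP status OK.");
        }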
Ejemplo n.º 4
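        /// <summary>
        /// Sample: exchanges a web identity token for temporary role credentials via
        /// AssumeRoleWithWebIdentity, then reads the fields of the response.
        /// </summary>
        public void SecurityTokenServiceAssumeRoleWithWebIdentity()
        {
            #region to-assume-a-role-as-an-openid-connect-federated-user-1480533445696

            var response = client.AssumeRoleWithWebIdentity(new AssumeRoleWithWebIdentityRequest
            {
                // Lifetime of the temporary credentials, in seconds (one hour here).
                DurationSeconds  = 3600,
                ProviderId       = "www.amazon.com",
                RoleArn          = "arn:aws:iam::123456789012:role/FederatedWebIdentityRole",
                RoleSessionName  = "app1",
                // Sample value only. The token is a bearer credential issued by the identity
                // provider: obtain it at runtime from the sign-in flow, and never hard-code it,
                // commit it or write it to logs.
                WebIdentityToken = "Atza%7CIQEBLjAsAhRFiXuWpUXuRvQ9PZL3GMFcYevydwIUFAHZwXZXXXXXXXXJnrulxKDHwy87oGKPznh0D6bEQZTSCzyoCtL_8S07pLpr0zMbn6w1lfVZKNTBdDansFBmtGnIsIapjI6xKR02Yc_2bQ8LZbUXSGm6Ry6_BG7PrtLZtj_dfCTj92xNGed-CrKqjG7nPBjNIL016GGvuS5gSvPRUxWES3VYfm1wl7WTI7jn-Pcb6M-buCgHhFOzTQxod27L9CqnOLio7N3gZAGpsp6n1-AJBOCJckcyXe2c6uD0srOJeZlKUm2eTDVMf8IehDVI0r1QOnTV6KzzAI3OY87Vd_cVMQ"
            });

            AssumedRoleUser assumedRoleUser             = response.AssumedRoleUser;
            string          audience                    = response.Audience;
            // Temporary access key, secret key and session token: treat as secrets and keep
            // them out of logs and persisted state.
            Credentials     credentials                 = response.Credentials;
            // 'integer' is not a C# type; the other samples on this page declare this value as int.
            int             packedPolicySize            = response.PackedPolicySize;
            string          provider                    = response.Provider;
            string          subjectFromWebIdentityToken = response.SubjectFromWebIdentityToken;

            #endregion
        }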
        /// <summary>
        /// Sample: exchanges a SAML assertion for temporary role credentials via
        /// AssumeRoleWithSAML, then reads the fields of the response.
        /// </summary>
        public void SecurityTokenServiceAssumeRoleWithSAML()
        {
            #region to-assume-role-with-saml-14882749597814

            // Build the request first so each input can be read on its own line.
            var samlRequest = new AssumeRoleWithSAMLRequest
            {
                DurationSeconds = 3600,
                PrincipalArn = "arn:aws:iam::123456789012:saml-provider/SAML-test",
                RoleArn = "arn:aws:iam::123456789012:role/TestSaml",
                // The value below is a placeholder on this page, not a real assertion.
                // In practice this is the base64-encoded SAML response from the identity
                // provider; it is a bearer credential, so keep it out of source and logs.
                SAMLAssertion = "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"
            };

            var response = client.AssumeRoleWithSAML(samlRequest);

            // Identity of the assumed-role session and the federation details echoed back.
            AssumedRoleUser assumedRoleUser = response.AssumedRoleUser;
            string audience = response.Audience;
            // Temporary credentials: treat as secrets.
            Credentials credentials = response.Credentials;
            string issuer = response.Issuer;
            string nameQualifier = response.NameQualifier;
            int packedPolicySize = response.PackedPolicySize;
            string subject = response.Subject;
            string subjectType = response.SubjectType;

            #endregion
        }
Ejemplo n.º 6
        /// <summary>
        /// Sample: calls AssumeRole with an external ID, an inline session policy, session tags
        /// and transitive tag keys, then reads the assumed-role identity, temporary credentials
        /// and packed policy size from the response.
        /// </summary>
        public void SecurityTokenServiceAssumeRole()
        {
            #region to-assume-a-role-1480532402212

            // No arguments: the client resolves credentials and region from its defaults.
            var client = new AmazonSecurityTokenServiceClient();

            // Session tags attached to the assumed-role session. Tag values are recorded with
            // the session, so they are not a place for secrets.
            var sessionTags = new List<Tag>
            {
                new Tag { Key = "Project", Value = "Unicorn" },
                new Tag { Key = "Team", Value = "Automation" },
                new Tag { Key = "Cost-Center", Value = "12345" }
            };

            // Keys listed here are marked transitive: they carry over to later sessions
            // when roles are chained.
            var transitiveKeys = new List<string> { "Project", "Cost-Center" };

            var assumeRoleRequest = new AssumeRoleRequest
            {
                // Placeholder value; matched against the sts:ExternalId condition in the
                // role's trust policy.
                ExternalId = "123ABC",
                // Session policy: limits the session to the single listed action, on top of
                // whatever the role's own policies allow.
                Policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}",
                RoleArn = "arn:aws:iam::123456789012:role/demo",
                RoleSessionName = "testAssumeRoleSession",
                Tags = sessionTags,
                TransitiveTagKeys = transitiveKeys
            };

            var response = client.AssumeRole(assumeRoleRequest);

            AssumedRoleUser assumedRoleUser = response.AssumedRoleUser;
            // Temporary access key, secret key and session token: treat as secrets.
            Credentials credentials = response.Credentials;
            int packedPolicySize = response.PackedPolicySize;

            #endregion
        }