AssumeRole() private méthode

private AssumeRole ( AssumeRoleRequest request ) : AssumeRoleResponse
request Amazon.SecurityToken.Model.AssumeRoleRequest
Résultat Amazon.SecurityToken.Model.AssumeRoleResponse
 private Credentials GetServiceCredentials()
 {
     if (_assumeRequest != null)
     {
         return(_stsClient.AssumeRole(_assumeRequest).Credentials);
     }
     return(_stsClient.AssumeRoleWithSAML(_assumeSamlRequest).Credentials);
 }
        public virtual Credentials AppMode_AssumeRole(AmazonSecurityTokenServiceClient stsClient, string roleArn,
            string roleSessionName)
        {
            Credentials credentials = null;

            var assumeRoleRequest = new AssumeRoleRequest
            {
                RoleArn = roleArn,
                RoleSessionName = roleSessionName
            };

            bool retry;
            int sleepSeconds = 3;

            DateTime startTime = DateTime.Now;
            do
            {
                try
                {
                    AssumeRoleResponse assumeRoleResponse = stsClient.AssumeRole(assumeRoleRequest);
                    credentials = assumeRoleResponse.Credentials;

                    retry = false;
                }
                catch (AmazonServiceException ase)
                {
                    if (ase.ErrorCode.Equals("AccessDenied"))
                    {
                        if (sleepSeconds > 20)
                        {
                            // If we've gotten here it's because we've retried a few times and are still getting the same error.
                            // Just rethrow the error to stop waiting. The exception will bubble up.
                            Console.WriteLine(" [Aborted AssumeRole Operation]");
                            retry = false;
                        }
                        else
                        {
                            // Write a period to the screen so we have a visual indication that we're in our retry logic.
                            Console.Write(".");
                            // Sleep before retrying.
                            Thread.Sleep(TimeSpan.FromSeconds(sleepSeconds));
                            // Increment the retry interval.
                            sleepSeconds = sleepSeconds*3;
                            retry = true;
                        }
                    }
                    else
                    {
                        throw;
                    }
                }
            } while (retry);

            return credentials;
        }
Exemple #3
0
        public Deployer(AwsConfiguration awsConfiguration)
        {
            _awsEndpoint = awsConfiguration.AwsEndpoint;
            _bucket = awsConfiguration.Bucket;
            _assumeRoleTrustDocument = awsConfiguration.AssumeRoleTrustDocument;
            _iamRolePolicyDocument = awsConfiguration.IamRolePolicyDocument;

            AWSCredentials credentials;

            if (isArn(awsConfiguration.RoleName))
            {
                var securityTokenServiceClient = new AmazonSecurityTokenServiceClient(awsConfiguration.AwsEndpoint);

                var assumeRoleResult = securityTokenServiceClient.AssumeRole(new AssumeRoleRequest
                {
                    RoleArn = awsConfiguration.RoleName,
                    DurationSeconds = 3600,
                    RoleSessionName = "Net2User",
                    ExternalId = Guid.NewGuid().ToString()
                });

                Credentials stsCredentials = assumeRoleResult.Credentials;

                SessionAWSCredentials sessionCredentials =
                          new SessionAWSCredentials(stsCredentials.AccessKeyId,
                                                    stsCredentials.SecretAccessKey,
                                                    stsCredentials.SessionToken);

                credentials = sessionCredentials;

                _role = new AssumedRole(assumeRoleResult.AssumedRoleUser);
            }
            else {
                credentials = awsConfiguration.Credentials ?? new EnvironmentAWSCredentials();
            }

            _codeDeployClient = new AmazonCodeDeployClient(
                credentials,
                new AmazonCodeDeployConfig {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });

            _cloudFormationClient = new AmazonCloudFormationClient(
                credentials,
                new AmazonCloudFormationConfig {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });

            _s3Client = new AmazonS3Client(
                credentials,
                new AmazonS3Config {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });

            _iamClient = new AmazonIdentityManagementServiceClient(
                credentials,
                new AmazonIdentityManagementServiceConfig  {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });

            _autoScalingClient = new AmazonAutoScalingClient(
                credentials,
                new AmazonAutoScalingConfig {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });
        }