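/// <summary>
/// Blocks the calling thread until the callback-based
/// <c>sts.AssumeRoleWithWebIdentityAsync</c> call completes, then returns the
/// temporary credentials from the response.
/// </summary>
/// <param name="assumeRequest">The AssumeRoleWithWebIdentity request to send.</param>
/// <returns>The credentials carried by the STS response.</returns>
/// <exception cref="Exception">
/// Rethrows the exception reported by the async result, if there was one.
/// </exception>
private Amazon.SecurityToken.Model.Credentials GetStsCredentials(AssumeRoleWithWebIdentityRequest assumeRequest)
{
    Amazon.SecurityToken.Model.Credentials credentials = null;
    Exception exception = null;

    // The wait handle wraps an OS resource, so release it deterministically
    // instead of leaving one handle per credential refresh to the finalizer.
    using (var ars = new AutoResetEvent(false))
    {
        sts.AssumeRoleWithWebIdentityAsync(assumeRequest, (assumeResult) =>
        {
            if (assumeResult.Exception != null)
            {
                exception = assumeResult.Exception;
            }
            else
            {
                credentials = assumeResult.Response.Credentials;
            }

            // Wake the waiting caller whichever branch was taken.
            ars.Set();
        });

        // NOTE(review): this wait has no timeout. If the callback is never
        // invoked, the credential refresh blocks indefinitely; consider a
        // bounded wait if callers can tolerate a failure instead.
        ars.WaitOne();
    }

    if (exception != null)
    {
        // NOTE(review): rethrowing the captured object resets its stack trace.
        throw exception;
    }

    return credentials;
}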
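/// <summary>
/// Requests a Google OIDC token for <c>TargetAudience</c> from <c>SourceCredentials</c>
/// and exchanges it with AWS STS (AssumeRoleWithWebIdentity) for temporary AWS credentials.
/// </summary>
/// <returns>
/// A refresh state holding the immutable AWS credentials and their expiration time.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Wraps any failure raised while fetching the OIDC token or calling STS.
/// </exception>
protected override CredentialsRefreshState GenerateNewCredentials()
{
    var configuredRegion = AWSConfigs.AWSRegion;
    var region = string.IsNullOrEmpty(configuredRegion)
        ? DefaultSTSClientRegion
        : RegionEndpoint.GetBySystemName(configuredRegion);

    try
    {
        // Pass the resolved region to the client explicitly so the STS call goes to
        // the endpoint selected above rather than whatever the SDK would pick by default.
        // The client is anonymous because the web identity token in the request is what
        // authenticates the call. It is disposed once the exchange is done.
        using (var stsClient = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), region))
        {
            // This override is synchronous, so the async calls are blocked on with .Result.
            // Any failure surfaces as an AggregateException and is wrapped by the catch below.
            OidcToken oidcToken = SourceCredentials.GetOidcTokenAsync(
                OidcTokenOptions.FromTargetAudience(TargetAudience).WithTokenFormat(OidcTokenFormat.Standard)).Result;

            // NOTE(review): the bearer token is written onto the shared
            // TargetAssumeRoleRequest instance and stays there after the call.
            // Concurrent refreshes would race on it; confirm callers serialize refresh.
            TargetAssumeRoleRequest.WebIdentityToken = oidcToken.GetAccessTokenAsync().Result;

            AssumeRoleWithWebIdentityResponse sessionTokenResponse =
                stsClient.AssumeRoleWithWebIdentityAsync(TargetAssumeRoleRequest).Result;
            Amazon.SecurityToken.Model.Credentials cc = sessionTokenResponse.Credentials;

            // Log only the expiry timestamp, never the key material or the token.
            _logger.InfoFormat(
                "New credentials created for assume role that expire at {0}",
                cc.Expiration.ToString("yyyy-MM-ddTHH:mm:ss.fffffffK", CultureInfo.InvariantCulture));

            return new CredentialsRefreshState(
                new ImmutableCredentials(cc.AccessKeyId, cc.SecretAccessKey, cc.SessionToken),
                cc.Expiration);
        }
    }
    catch (Exception e)
    {
        var msg = "Error exchanging Google OIDC token for AWS STS ";
        var exception = new InvalidOperationException(msg, e);
        // NOTE(review): the inner exception is logged with the wrapper; confirm the
        // logger sink is an appropriate place for provider error details.
        Logger.GetLogger(typeof(GoogleCompatCredentials)).Error(exception, exception.Message);
        throw exception;
    }
}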
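/// <summary>
/// Writes a fixed test object to <paramref name="key"/> in <paramref name="bucketName"/>
/// using the supplied temporary credentials. Despite its name, this method only issues
/// a PutObject call; it does not create a bucket.
/// </summary>
/// <param name="bucketName">Bucket that receives the object.</param>
/// <param name="key">Object key to write.</param>
/// <param name="credentials">Temporary credentials (access key, secret key, session token).</param>
/// <param name="config">S3 client configuration to use.</param>
public void CreateS3Bucket(string bucketName, string key, Credentials credentials, AmazonS3Config config)
{
    string content = "Hello World2!";

    // The client is created per call, so dispose it here rather than leaking its
    // underlying resources on every invocation.
    using (var s3Client = new AmazonS3Client(
        credentials.AccessKeyId,
        credentials.SecretAccessKey,
        credentials.SessionToken,
        config))
    {
        // Put an object in the user's "folder".
        s3Client.PutObject(new PutObjectRequest
        {
            BucketName = bucketName,
            Key = key,
            ContentBody = content
        });
    }

    // Only the key and the constant body are printed; credentials are never written out.
    Console.WriteLine("Updated key={0} with content={1}", key, content);
}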
/// <summary>
/// Refreshes the identity id, obtains an OpenID token for it, and exchanges that
/// token with STS for temporary credentials scoped to <paramref name="roleArn"/>.
/// </summary>
/// <param name="roleArn">ARN of the role to assume with the web identity token.</param>
/// <returns>Refresh state built from the STS credentials and their expiration.</returns>
private CredentialsRefreshState GetCredentialsForRole(string roleArn)
{
    string identityId = GetIdentityId(RefreshIdentityOptions.Refresh);

    GetOpenIdTokenRequest tokenRequest = new GetOpenIdTokenRequest();
    tokenRequest.IdentityId = identityId;
    if (Logins.Count > 0)
    {
        // Attach provider logins only when some are present.
        tokenRequest.Logins = Logins;
    }

    GetOpenIdTokenResponse tokenResponse = null;
    bool retryRequested = false;
    try
    {
        tokenResponse = GetOpenId(tokenRequest);
    }
    catch (AmazonCognitoIdentityException e)
    {
        // Non-retryable failures propagate unchanged.
        if (!ShouldRetry(e))
        {
            throw;
        }

        retryRequested = true;
    }

    if (retryRequested)
    {
        // Start over from the identity refresh. The recursion is bounded only by
        // ShouldRetry. TODO confirm that it eventually returns false.
        return GetCredentialsForRole(roleArn);
    }

    string webIdentityToken = tokenResponse.Token;
    UpdateIdentity(tokenResponse.IdentityId);

    AssumeRoleWithWebIdentityRequest assumeRequest = new AssumeRoleWithWebIdentityRequest();
    assumeRequest.WebIdentityToken = webIdentityToken;
    assumeRequest.RoleArn = roleArn;
    // NOTE(review): the session name is a fixed string, so every session assumed
    // through this path carries the same name. Confirm that is acceptable for
    // audit attribution.
    assumeRequest.RoleSessionName = "NetProviderSession";
    assumeRequest.DurationSeconds = DefaultDurationSeconds;

    Amazon.SecurityToken.Model.Credentials temporary = GetStsCredentials(assumeRequest);
    return new CredentialsRefreshState(temporary.GetCredentials(), temporary.Expiration);
}
/// <summary>
/// Fluent setter: stores <paramref name="credentials"/> on this result and hands
/// back the same instance so further calls can be chained.
/// </summary>
/// <param name="credentials">The credentials to store on this result.</param>
/// <returns>This <c>GetFederationTokenResult</c> instance.</returns>
public GetFederationTokenResult WithCredentials(Credentials credentials)
{
    // The reference is stored as-is; no copy is made.
    this.credentials = credentials;

    return this;
}
/// <summary>
/// Fluent setter: stores <paramref name="credentials"/> on this result and hands
/// back the same instance so further calls can be chained.
/// </summary>
/// <param name="credentials">The credentials to store on this result.</param>
/// <returns>This <c>AssumeRoleWithWebIdentityResult</c> instance.</returns>
public AssumeRoleWithWebIdentityResult WithCredentials(Credentials credentials)
{
    // The reference is stored as-is; no copy is made.
    this.credentials = credentials;

    return this;
}
/// <summary>
/// Builds an S3 client for <paramref name="regionEndpoint"/> that signs requests
/// with the temporary access key, secret key and session token taken from
/// <paramref name="credentials"/>.
/// </summary>
/// <param name="credentials">Temporary credentials to wrap as session credentials.</param>
/// <param name="regionEndpoint">Region endpoint the client targets.</param>
/// <returns>The newly created S3 client; the caller owns it.</returns>
public virtual AmazonS3Client AppMode_CreateS3Client(Credentials credentials, RegionEndpoint regionEndpoint)
{
    // The session credentials are a fixed snapshot of the three values passed in.
    // Nothing in this method refreshes them.
    var temporaryCredentials = new SessionAWSCredentials(
        credentials.AccessKeyId,
        credentials.SecretAccessKey,
        credentials.SessionToken);

    return new AmazonS3Client(temporaryCredentials, regionEndpoint);
}
/// <summary>
/// Fluent setter: records the supplied credentials on this result object and
/// returns the object itself to allow call chaining.
/// </summary>
/// <param name="credentials">The credentials to record.</param>
/// <returns>This <c>AssumeRoleWithWebIdentityResult</c> instance.</returns>
public AssumeRoleWithWebIdentityResult WithCredentials(Credentials credentials)
{
    // Keeps the caller's reference; the credentials object is not cloned.
    this.credentials = credentials;

    return this;
}
/// <summary>
/// Fluent setter: records the supplied credentials on this result object and
/// returns the object itself to allow call chaining.
/// </summary>
/// <param name="credentials">The credentials to record.</param>
/// <returns>This <c>GetSessionTokenResult</c> instance.</returns>
public GetSessionTokenResult WithCredentials(Credentials credentials)
{
    // Keeps the caller's reference; the credentials object is not cloned.
    this.credentials = credentials;

    return this;
}
/// <summary>
/// Creates an S3 client from temporary credentials (described as previously
/// returned from the AssumeRole method). This override currently delegates
/// unchanged to the base class implementation.
/// </summary>
/// <param name="credentials">The credentials to use for creating session credentials.</param>
/// <param name="regionEndpoint">The region endpoint to use for the client.</param>
/// <returns>The S3 client object produced by the base implementation.</returns>
public override AmazonS3Client AppMode_CreateS3Client(Credentials credentials, RegionEndpoint regionEndpoint)
{
    // TODO: Replace this call to the base class with your own method implementation.
    AmazonS3Client client = base.AppMode_CreateS3Client(credentials, regionEndpoint);
    return client;
}