/// <summary>
/// Obtains temporary credentials from STS using whichever assume-role request this instance was configured with.
/// An explicit <c>AssumeRole</c> request takes precedence; otherwise the SAML-based request is used.
/// </summary>
/// <returns>The <see cref="Credentials"/> returned by STS for the assumed role.</returns>
private Credentials GetServiceCredentials()
{
    // NOTE(review): if neither request has been set, the SAML call receives a null request — confirm callers always configure one.
    var useDirectAssumeRole = _assumeRequest != null;
    return useDirectAssumeRole
        ? _stsClient.AssumeRole(_assumeRequest).Credentials
        : _stsClient.AssumeRoleWithSAML(_assumeSamlRequest).Credentials;
}
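/// <summary>
/// Calls STS <c>AssumeRole</c> for <paramref name="roleArn"/>, retrying on an <c>AccessDenied</c> error with a
/// growing delay (3s, then 9s) to ride out the window in which a newly created role is not yet assumable.
/// </summary>
/// <param name="stsClient">STS client used to make the call.</param>
/// <param name="roleArn">ARN of the role to assume.</param>
/// <param name="roleSessionName">Session name recorded in the assumed-role identity.</param>
/// <returns>The temporary credentials returned by STS; never null.</returns>
/// <exception cref="AmazonServiceException">
/// Rethrown unchanged for any error other than <c>AccessDenied</c>, and for <c>AccessDenied</c> once the retry budget is exhausted.
/// </exception>
public virtual Credentials AppMode_AssumeRole(AmazonSecurityTokenServiceClient stsClient, string roleArn, string roleSessionName)
{
    var assumeRoleRequest = new AssumeRoleRequest { RoleArn = roleArn, RoleSessionName = roleSessionName };
    // Delay grows geometrically; once it would exceed 20 seconds the loop gives up.
    int sleepSeconds = 3;
    while (true)
    {
        try
        {
            return stsClient.AssumeRole(assumeRoleRequest).Credentials;
        }
        catch (AmazonServiceException ase)
        {
            // Ordinal comparison via the static overload: ErrorCode may be null on some failures.
            if (!string.Equals(ase.ErrorCode, "AccessDenied", StringComparison.Ordinal))
            {
                throw;
            }
            if (sleepSeconds > 20)
            {
                // Retries exhausted and still denied: surface the original exception rather than
                // returning null credentials that a caller could dereference without noticing.
                Console.WriteLine(" [Aborted AssumeRole Operation]");
                throw;
            }
            // Visual indication that we are waiting for the role to become assumable.
            Console.Write(".");
            Thread.Sleep(TimeSpan.FromSeconds(sleepSeconds));
            sleepSeconds *= 3;
        }
    }
}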
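/// <summary>Lifetime requested for the assumed-role session, in seconds.</summary>
private const int AssumedRoleDurationSeconds = 3600;

/// <summary>
/// Builds the AWS service clients used for a deployment. When the configured role name is an ARN the role is
/// assumed through STS and the resulting temporary credentials back every client; otherwise the explicitly
/// supplied credentials (falling back to the environment) are used directly.
/// </summary>
/// <param name="awsConfiguration">Endpoint, bucket, role, proxy and credential settings.</param>
public Deployer(AwsConfiguration awsConfiguration)
{
    _awsEndpoint = awsConfiguration.AwsEndpoint;
    _bucket = awsConfiguration.Bucket;
    _assumeRoleTrustDocument = awsConfiguration.AssumeRoleTrustDocument;
    _iamRolePolicyDocument = awsConfiguration.IamRolePolicyDocument;

    AWSCredentials credentials;
    if (isArn(awsConfiguration.RoleName))
    {
        // The STS client is only needed to obtain session credentials, so it is disposed immediately afterwards.
        // It is built from the same region/proxy settings as the service clients so the call also works behind a proxy.
        // NOTE(review): it resolves its own credentials from the default chain, not from awsConfiguration.Credentials — confirm that is intended.
        using (var securityTokenServiceClient = new AmazonSecurityTokenServiceClient(CreateClientConfig<AmazonSecurityTokenServiceConfig>(awsConfiguration)))
        {
            var assumeRoleResult = securityTokenServiceClient.AssumeRole(new AssumeRoleRequest
            {
                RoleArn = awsConfiguration.RoleName,
                DurationSeconds = AssumedRoleDurationSeconds,
                RoleSessionName = "Net2User",
                // NOTE(review): ExternalId is meant to be a value agreed with the role's trust policy; a fresh GUID per
                // call can only succeed if that policy does not condition on sts:ExternalId — confirm which is the case.
                ExternalId = Guid.NewGuid().ToString()
            });
            Credentials stsCredentials = assumeRoleResult.Credentials;
            // These session credentials are fixed at construction; presumably they are not refreshed when the
            // session expires, so a Deployer instance should not be kept alive beyond that window.
            credentials = new SessionAWSCredentials(stsCredentials.AccessKeyId, stsCredentials.SecretAccessKey, stsCredentials.SessionToken);
            _role = new AssumedRole(assumeRoleResult.AssumedRoleUser);
        }
    }
    else
    {
        credentials = awsConfiguration.Credentials ?? new EnvironmentAWSCredentials();
    }

    _codeDeployClient = new AmazonCodeDeployClient(credentials, CreateClientConfig<AmazonCodeDeployConfig>(awsConfiguration));
    _cloudFormationClient = new AmazonCloudFormationClient(credentials, CreateClientConfig<AmazonCloudFormationConfig>(awsConfiguration));
    _s3Client = new AmazonS3Client(credentials, CreateClientConfig<AmazonS3Config>(awsConfiguration));
    _iamClient = new AmazonIdentityManagementServiceClient(credentials, CreateClientConfig<AmazonIdentityManagementServiceConfig>(awsConfiguration));
    _autoScalingClient = new AmazonAutoScalingClient(credentials, CreateClientConfig<AmazonAutoScalingConfig>(awsConfiguration));
}

/// <summary>
/// Creates a service client configuration carrying the region and proxy settings from
/// <paramref name="awsConfiguration"/>, so that every client is configured identically.
/// </summary>
/// <typeparam name="TConfig">The SDK configuration type for the client being created.</typeparam>
/// <param name="awsConfiguration">Source of the region endpoint and proxy settings.</param>
/// <returns>A new configuration instance of <typeparamref name="TConfig"/>.</returns>
private static TConfig CreateClientConfig<TConfig>(AwsConfiguration awsConfiguration) where TConfig : ClientConfig, new()
{
    return new TConfig
    {
        RegionEndpoint = awsConfiguration.AwsEndpoint,
        ProxyHost = awsConfiguration.ProxyHost,
        ProxyPort = awsConfiguration.ProxyPort
    };
}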