DataFire integration for AWS Security Token Service
npm install @datafire/amazonaws_stsClient library for AWS Security Token Service
bash
npm install --save @datafire/amazonaws_sts
`
js
let amazonaws_sts = require('@datafire/amazonaws_sts').create({
accessKeyId: "",
secretAccessKey: "",
region: ""
});amazonaws_sts.AssumeRole({
"RoleArn": "",
"RoleSessionName": ""
}).then(data => {
console.log(data);
});
`Description
AWS Security Token Service
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more detailed information about using this service, go to Temporary Security Credentials.
As an alternative to using the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to STS. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page.
For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about the Query API, go to Making Query Requests in Using IAM. For information about using security tokens with other AWS products, go to AWS Services That Work with IAM in the IAM User Guide.
If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/.
Endpoints
The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com that maps to the US East (N. Virginia) region. Additional regions are available and are activated by default. For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.
For information about STS endpoints, see Regions and Endpoints in the AWS General Reference.
Recording API requests
STS supports AWS CloudTrail, which is a service that records AWS calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine what requests were successfully made to STS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.
Actions
$3
js
amazonaws_sts.AssumeRole({
"RoleArn": "",
"RoleSessionName": ""
}, context)
`#### Input
* input
* DurationSeconds roleDurationSecondsType
* ExternalId externalIdType
* Policy sessionPolicyDocumentType
* RoleArn required arnType
* RoleSessionName required roleSessionNameType
* SerialNumber serialNumberType
* TokenCode tokenCodeType#### Output
* output AssumeRoleResponse
$3
js
amazonaws_sts.AssumeRoleWithSAML({
"RoleArn": "",
"PrincipalArn": "",
"SAMLAssertion": ""
}, context)
`#### Input
* input
* DurationSeconds roleDurationSecondsType
* Policy sessionPolicyDocumentType
* PrincipalArn required arnType
* RoleArn required arnType
* SAMLAssertion required SAMLAssertionType#### Output
* output AssumeRoleWithSAMLResponse
$3
js
amazonaws_sts.AssumeRoleWithWebIdentity({
"RoleArn": "",
"RoleSessionName": "",
"WebIdentityToken": ""
}, context)
`#### Input
* input
* DurationSeconds roleDurationSecondsType
* Policy sessionPolicyDocumentType
* ProviderId urlType
* RoleArn required arnType
* RoleSessionName required roleSessionNameType
* WebIdentityToken required clientTokenType#### Output
* output AssumeRoleWithWebIdentityResponse
$3
js
amazonaws_sts.DecodeAuthorizationMessage({
"EncodedMessage": ""
}, context)
`#### Input
* input
* EncodedMessage required encodedMessageType#### Output
* output DecodeAuthorizationMessageResponse
$3
js
amazonaws_sts.GetCallerIdentity({}, context)
`#### Input
* input
#### Output
* output GetCallerIdentityResponse
$3
js
amazonaws_sts.GetFederationToken({
"Name": ""
}, context)
`#### Input
* input
* DurationSeconds durationSecondsType
* Name required userNameType
* Policy sessionPolicyDocumentType#### Output
* output GetFederationTokenResponse
$3
js
amazonaws_sts.GetSessionToken({}, context)
`#### Input
* input
* DurationSeconds durationSecondsType
* SerialNumber serialNumberType
* TokenCode tokenCodeType#### Output
* output GetSessionTokenResponse
Definitions
$3
* AssumeRoleRequest
* DurationSeconds roleDurationSecondsType
* ExternalId externalIdType
* Policy sessionPolicyDocumentType
* RoleArn required arnType
* RoleSessionName required roleSessionNameType
* SerialNumber serialNumberType
* TokenCode tokenCodeType$3
* AssumeRoleResponse : Contains the response to a successful AssumeRole request, including temporary AWS credentials that can be used to make AWS requests.
* AssumedRoleUser AssumedRoleUser
* Credentials Credentials
* PackedPolicySize nonNegativeIntegerType$3
* AssumeRoleWithSAMLRequest object
* DurationSeconds roleDurationSecondsType
* Policy sessionPolicyDocumentType
* PrincipalArn required arnType
* RoleArn required arnType
* SAMLAssertion required SAMLAssertionType$3
* AssumeRoleWithSAMLResponse : Contains the response to a successful AssumeRoleWithSAML request, including temporary AWS credentials that can be used to make AWS requests.
* AssumedRoleUser AssumedRoleUser
* Audience Audience
* Credentials Credentials
* Issuer Issuer
* NameQualifier NameQualifier
* PackedPolicySize nonNegativeIntegerType
* Subject Subject
* SubjectType SubjectType$3
* AssumeRoleWithWebIdentityRequest object
* DurationSeconds roleDurationSecondsType
* Policy sessionPolicyDocumentType
* ProviderId urlType
* RoleArn required arnType
* RoleSessionName required roleSessionNameType
* WebIdentityToken required clientTokenType$3
* AssumeRoleWithWebIdentityResponse : Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary AWS credentials that can be used to make AWS requests.
* AssumedRoleUser AssumedRoleUser
* Audience Audience
* Credentials Credentials
* PackedPolicySize nonNegativeIntegerType
* Provider Issuer
* SubjectFromWebIdentityToken webIdentitySubjectType$3
* AssumedRoleUser object: The identifiers for the temporary security credentials that the operation returns.
* Arn required arnType
* AssumedRoleId required assumedRoleIdType$3
* Audience string$3
* Credentials : AWS credentials for API authentication.
* AccessKeyId required accessKeyIdType
* Expiration required dateType
* SecretAccessKey required accessKeySecretType
* SessionToken required tokenType$3
* DecodeAuthorizationMessageRequest object
* EncodedMessage required encodedMessageType$3
* DecodeAuthorizationMessageResponse : A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an AWS request.
* DecodedMessage decodedMessageType$3
* ExpiredTokenException object: The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.
* message expiredIdentityTokenMessage$3
* FederatedUser object: Identifiers for the federated user that is associated with the credentials.
* Arn required arnType
* FederatedUserId required federatedIdType$3
* GetCallerIdentityRequest object$3
* GetCallerIdentityResponse : Contains the response to a successful GetCallerIdentity request, including information about the entity making the request.
* Account accountType
* Arn arnType
* UserId userIdType$3
* GetFederationTokenRequest object
* DurationSeconds durationSecondsType
* Name required userNameType
* Policy sessionPolicyDocumentType$3
* GetFederationTokenResponse : Contains the response to a successful GetFederationToken request, including temporary AWS credentials that can be used to make AWS requests.
* Credentials Credentials
* FederatedUser FederatedUser
* PackedPolicySize nonNegativeIntegerType$3
* GetSessionTokenRequest object
* DurationSeconds durationSecondsType
* SerialNumber serialNumberType
* TokenCode tokenCodeType$3
* GetSessionTokenResponse : Contains the response to a successful GetSessionToken request, including temporary AWS credentials that can be used to make AWS requests.
* Credentials Credentials$3
* IDPCommunicationErrorException object: The request could not be fulfilled because the non-AWS identity provider (IDP) that was asked to verify the incoming identity token could not be reached. This is often a transient error caused by network conditions. Retry the request a limited number of times so that you don't exceed the request rate. If the error persists, the non-AWS identity provider might be down or not responding.
* message idpCommunicationErrorMessage$3
* IDPRejectedClaimException object: The identity provider (IdP) reported that authentication failed. This might be because the claim is invalid.
If this error is returned for the AssumeRoleWithWebIdentity operation, it can also mean that the claim has expired or has been explicitly revoked.
* message idpRejectedClaimMessage$3
* InvalidAuthorizationMessageException object: The error returned if the message passed to DecodeAuthorizationMessage was invalid. This can happen if the token contains invalid characters, such as linebreaks.
* message invalidAuthorizationMessage$3
* InvalidIdentityTokenException object: The web identity token that was passed could not be validated by AWS. Get a new identity token from the identity provider and then retry the request.
* message invalidIdentityTokenMessage$3
* Issuer string$3
* MalformedPolicyDocumentException : The request was rejected because the policy document was malformed. The error message describes the specific error.
* message malformedPolicyDocumentMessage$3
* NameQualifier string$3
* PackedPolicyTooLargeException : The request was rejected because the policy document was too large. The error message describes how big the policy document is, in packed form, as a percentage of what the API allows.
* message packedPolicyTooLargeMessage$3
* RegionDisabledException object: STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.
* message regionDisabledMessage$3
* SAMLAssertionType string$3
* Subject $3
* SubjectType $3
* accessKeyIdType $3
* accessKeySecretType $3
* accountType $3
* arnType $3
* assumedRoleIdType $3
* clientTokenType $3
* dateType $3
* decodedMessageType $3
* durationSecondsType $3
* encodedMessageType $3
* expiredIdentityTokenMessage $3
* externalIdType $3
* federatedIdType $3
* idpCommunicationErrorMessage $3
* idpRejectedClaimMessage $3
* invalidAuthorizationMessage $3
* invalidIdentityTokenMessage $3
* malformedPolicyDocumentMessage $3
* nonNegativeIntegerType $3
* packedPolicyTooLargeMessage $3
* regionDisabledMessage $3
* roleDurationSecondsType $3
* roleSessionNameType $3
* serialNumberType $3
* sessionPolicyDocumentType $3
* tokenCodeType $3
* tokenType $3
* urlType $3
* userIdType $3
* userNameType $3
* webIdentitySubjectType