Class AssumeRoleWithWebIdentityCredentials

Namespace

Amazon.Runtime

Assembly

AWSSDK.Core.dll

AWS Credentials that automatically refresh by calling AssumeRole on the Amazon Security Token Service.

public class AssumeRoleWithWebIdentityCredentials : RefreshingAWSCredentials, IDisposable

Inheritance

object

AWSCredentials

RefreshingAWSCredentials

AssumeRoleWithWebIdentityCredentials

Implements

IDisposable

Inherited Members

RefreshingAWSCredentials.currentState

RefreshingAWSCredentials.GetCredentials()

RefreshingAWSCredentials.GetCredentialsAsync()

RefreshingAWSCredentials.Dispose(bool)

RefreshingAWSCredentials.ClearCredentials()

RefreshingAWSCredentials.Dispose()

RefreshingAWSCredentials.PreemptExpiryTime

RefreshingAWSCredentials.ShouldUpdate

AWSCredentials.Validate()

object.GetType()

object.MemberwiseClone()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Constructors

AssumeRoleWithWebIdentityCredentials(string, string, string)

Constructs an AssumeRoleWithWebIdentityCredentials object.

public AssumeRoleWithWebIdentityCredentials(string webIdentityTokenFile, string roleArn, string roleSessionName)

Parameters

webIdentityTokenFile string

The absolute path to the file on disk containing an OIDC token.

roleArn string

The Amazon Resource Name (ARN) of the role to assume.

roleSessionName string

An identifier for the assumed role session.

AssumeRoleWithWebIdentityCredentials(string, string, string, AssumeRoleWithWebIdentityCredentialsOptions)

Constructs an AssumeRoleWithWebIdentityCredentials object.

public AssumeRoleWithWebIdentityCredentials(string webIdentityTokenFile, string roleArn, string roleSessionName, AssumeRoleWithWebIdentityCredentialsOptions options)

Parameters

webIdentityTokenFile string

The absolute path to the file on disk containing an OIDC token.

roleArn string

The Amazon Resource Name (ARN) of the role to assume.

roleSessionName string

An identifier for the assumed role session.

options AssumeRoleWithWebIdentityCredentialsOptions

Options to be used in the call to AssumeRole.

Fields

RoleArnEnvVariable

public const string RoleArnEnvVariable = "AWS_ROLE_ARN"

Field Value

string

RoleSessionNameEnvVariable

public const string RoleSessionNameEnvVariable = "AWS_ROLE_SESSION_NAME"

Field Value

string

WebIdentityTokenFileEnvVariable

As established by STS, the regex used to validate the role session names is a string of 2-64 characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

public const string WebIdentityTokenFileEnvVariable = "AWS_WEB_IDENTITY_TOKEN_FILE"

Field Value

string

Properties

RoleArn

The Amazon Resource Name (ARN) of the role to assume.

public string RoleArn { get; }

Property Value

string

RoleSessionName

An identifier for the assumed role session.

public string RoleSessionName { get; }

Property Value

string

WebIdentityTokenFile

The absolute path to the file on disk containing an OIDC token

public string WebIdentityTokenFile { get; }

Property Value

string

Methods

CreateClient()

Gets a client to be used for AssumeRoleWithWebIdentity requests.

protected virtual ICoreAmazonSTS_WebIdentity CreateClient()

Returns

ICoreAmazonSTS_WebIdentity

The STS client.

FromEnvironmentVariables()

Creates an instance of AssumeRoleWithWebIdentityCredentials from environment variables.

public static AssumeRoleWithWebIdentityCredentials FromEnvironmentVariables()

Returns

AssumeRoleWithWebIdentityCredentials

The new credentials.

GenerateNewCredentials()

protected override RefreshingAWSCredentials.CredentialsRefreshState GenerateNewCredentials()

Returns

RefreshingAWSCredentials.CredentialsRefreshState

GenerateNewCredentialsAsync()

protected override Task<RefreshingAWSCredentials.CredentialsRefreshState> GenerateNewCredentialsAsync()

Returns

Task<RefreshingAWSCredentials.CredentialsRefreshState>