StsAssumeRoleCredentialsProvider

constructor(bootstrapCredentialsProvider: CredentialsProvider, roleArn: String, region: String? = null, roleSessionName: String? = null, externalId: String? = null, duration: Duration = DEFAULT_CREDENTIALS_REFRESH_SECONDS.seconds, httpClient: HttpClientEngine? = null)

A CredentialsProvider that uses another provider to assume a role from the AWS Security Token Service (STS).

When asked to provide credentials, this provider will first invoke the inner credentials provider to get AWS credentials for STS. Then, it will call STS to get assumed credentials for the desired role.

Parameters

bootstrapCredentialsProvider

The underlying provider to use for source credentials.

roleArn

The ARN of the target role to assume, e.g. arn:aws:iam::123456789:role/example

region

The AWS region to assume the role in. If not set, the global STS endpoint will be used.

roleSessionName

The name to associate with the session. Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by, the account that owns the role. The role session name is also in the ARN of the assumed role principal.

externalId

A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in this parameter.

duration

The expiry duration of the STS credentials. Defaults to 15 minutes if not set.

httpClient

The HttpClientEngine instance to use to make requests. NOTE: This engine's resources and lifetime are NOT managed by the provider. The caller is responsible for closing it.
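
A cross-account use of this constructor, as an added example that is not part of the SDK documentation. The account ID, role name, region, the PARTNER_EXTERNAL_ID variable name and the sessionNameFor helper are assumptions made for illustration.

```kotlin
import aws.sdk.kotlin.runtime.auth.credentials.EnvironmentCredentialsProvider
import aws.sdk.kotlin.runtime.auth.credentials.StsAssumeRoleCredentialsProvider
import kotlin.time.Duration.Companion.minutes

// STS accepts role session names of 2-64 characters drawn from [\w+=,.@-].
private val DISALLOWED = Regex("[^\\w+=,.@-]")

// Hypothetical helper: build a session name that records who assumed the role
// and why. The name is visible in the role owner's logs and in the ARN of the
// assumed-role principal, so keep secrets and personal data out of it.
fun sessionNameFor(workload: String, purpose: String): String {
    val name = DISALLOWED.replace("$workload.$purpose", "-").take(64)
    require(name.length >= 2) { "role session name must be 2-64 characters" }
    return name
}

suspend fun main() {
    // Source credentials used to sign the STS call, read from the environment.
    val bootstrap = EnvironmentCredentialsProvider()

    val provider = StsAssumeRoleCredentialsProvider(
        bootstrapCredentialsProvider = bootstrap,
        // Placeholder role in another account.
        roleArn = "arn:aws:iam::111122223333:role/example-audit-read",
        // Use a regional STS endpoint rather than the global one.
        region = "eu-west-1",
        // Becomes "billing-export.nightly-audit" after sanitizing.
        roleSessionName = sessionNameFor("billing-export", "nightly audit"),
        // Value issued by the administrator of the account that owns the role;
        // the environment variable name is an assumption.
        externalId = System.getenv("PARTNER_EXTERNAL_ID"),
        // Shortest lifetime, matching the documented default.
        duration = 15.minutes,
    )

    // First the bootstrap provider is resolved, then STS is called for the role.
    val creds = provider.resolve()
    println("assumed-role credentials expire at ${creds.expiration}")
}
```

No httpClient is passed here, so there is no caller-owned engine to close.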


constructor(bootstrapCredentialsProvider: CredentialsProvider, assumeRoleParameters: AssumeRoleParameters, region: String? = null, httpClient: HttpClientEngine? = null)

Parameters

bootstrapCredentialsProvider

The underlying provider to use for source credentials.

assumeRoleParameters

The parameters to pass to the AssumeRole call.

region

The AWS region to assume the role in. If not set, the global STS endpoint will be used.

httpClient

The HttpClientEngine instance to use to make requests. NOTE: This engine's resources and lifetime are NOT managed by the provider. The caller is responsible for closing it.