aws-lite

STS

@aws-lite/sts

Maintained by: @architect

Install

npm i @aws-lite/sts

Optionally install types:

npm i -D @aws-lite/sts-types

Methods

AssumeRole

Canonical AWS API doc

Properties

RoleArn (string) [required]

ARN of the role to assume

RoleSessionName (string) [required]

Identifier for the assumed role session; must conform to [w+=,.@-]*

DurationSeconds (number)

Duration of the role session; from 900 to 43200

ExternalId (string)

Unique identifier that might be required when assuming a role in another account

Policy (string)

JSON IAM policy document to use as an inline session policy

PolicyArns (array)

ARNs of the IAM managed policies to use

ProvidedContexts (array)

List of previously acquired trusted context assertions in the format of a JSON array

More details (AWS)

Example

await aws.STS.AssumeRole({
  RoleArn: String, // required
  RoleSessionName: String, // required
  DurationSeconds: Number,
  ExternalId: String,
  Policy: String,
  PolicyArns: Array,
  ProvidedContexts: Array,
  SerialNumber: String,
  SourceIdentity: String,
  Tags: Array,
  TokenCode: String,
  TransitiveTagKeys: Array,
})

AssumeRoleWithSAML

Canonical AWS API doc

Properties

PrincipalArn (string) [required]

ARN of the SAML provider that describes the IdP

RoleArn (string) [required]

ARN of the role to assume

SAMLAssertion (string) [required]

base64-encoded SAML authentication response provided by the IdP

DurationSeconds (number)

Duration of the role session; from 900 to 43200

Policy (string)

JSON IAM policy document to use as an inline session policy

PolicyArns (array)

ARNs of the IAM managed policies to use

Example

await aws.STS.AssumeRoleWithSAML({
  PrincipalArn: String, // required
  RoleArn: String, // required
  SAMLAssertion: String, // required
  DurationSeconds: Number,
  Policy: String,
  PolicyArns: Array,
})

AssumeRoleWithWebIdentity

Canonical AWS API doc

Properties

RoleArn (string) [required]

ARN of the role to assume

RoleSessionName (string) [required]

Identifier for the assumed role session; must conform to [w+=,.@-]*

WebIdentityToken (string) [required]

OAuth 2.0 access token or OpenID Connect ID token provided by the IdP

DurationSeconds (number)

Duration of the role session; from 900 to 43200

Policy (string)

JSON IAM policy document to use as an inline session policy

PolicyArns (array)

ARNs of the IAM managed policies to use

ProviderId (string)

Fully qualified host of the domain name of the OAuth 2.0 IdP; do not specify this value for an OpenID Connect identity provider

Example

await aws.STS.AssumeRoleWithWebIdentity({
  RoleArn: String, // required
  RoleSessionName: String, // required
  WebIdentityToken: String, // required
  DurationSeconds: Number,
  Policy: String,
  PolicyArns: Array,
  ProviderId: String,
})

DecodeAuthorizationMessage

Canonical AWS API doc

Properties

EncodedMessage (string) [required]

Encoded message returned with the response

Example

await aws.STS.DecodeAuthorizationMessage({
  EncodedMessage: String, // required
})

GetAccessKeyInfo

Canonical AWS API doc

Properties

AccessKeyId (string) [required]

AWS access key to query

Example

await aws.STS.GetAccessKeyInfo({
  AccessKeyId: String, // required
})

GetCallerIdentity

Canonical AWS API doc

Properties

Example

await aws.STS.GetCallerIdentity()

GetFederationToken

Canonical AWS API doc

Properties

Name (string) [required]

Name of the federated user

DurationSeconds (number)

Duration of the role session; from 900 to 43200

Policy (string)

JSON IAM policy document to use as an inline session policy

PolicyArns (array)

ARNs of the IAM managed policies to use

Tags (array)

Session tags; each tag is an object containing a Key and Value property

Example

await aws.STS.GetFederationToken({
  Name: String, // required
  DurationSeconds: Number,
  Policy: String,
  PolicyArns: Array,
  Tags: Array,
})

GetSessionToken

Canonical AWS API doc

Properties

DurationSeconds (number)

Duration of the role session; from 900 to 43200

SerialNumber (string)

MFA device ID associated with the user making the call

TokenCode (string)

MFA value (if required by the role’s trust policy)

Example

await aws.STS.GetSessionToken({
  DurationSeconds: Number,
  SerialNumber: String,
  TokenCode: String,
})
aws-lite is an Apache 2.0-licensed open source project under the umbrella of OpenJS Foundation Architect. aws-lite is not in any way affiliated with Amazon Web Services, Inc. (AWS). All names and trademarks are the property of their respective owners.