@aws-lite/sts
Maintained by: @architect
Install
npm i @aws-lite/sts
Optionally install types:
npm i -D @aws-lite/sts-types
Methods
AssumeRole
Properties
RoleArn (string) [required]
- ARN of the role to assume
RoleSessionName (string) [required]
- Identifier for the assumed role session; must conform to [\w+=,.@-]*
DurationSeconds (number)
- Duration of the role session; from 900 to 43200
ExternalId (string)
- Unique identifier that might be required when assuming a role in another account
Policy (string)
- JSON IAM policy document to use as an inline session policy
PolicyArns (array)
- ARNs of the IAM managed policies to use
ProvidedContexts (array)
- List of previously acquired trusted context assertions in the format of a JSON array
- More details (AWS)
Example
await aws.STS.AssumeRole({
  RoleArn: String, // required
  RoleSessionName: String, // required
  DurationSeconds: Number,
  ExternalId: String,
  Policy: String,
  PolicyArns: Array,
  ProvidedContexts: Array,
  SerialNumber: String,
  SourceIdentity: String,
  Tags: Array,
  TokenCode: String,
  TransitiveTagKeys: Array,
})
AssumeRoleWithSAML
Properties
PrincipalArn (string) [required]
- ARN of the SAML provider that describes the IdP
RoleArn (string) [required]
- ARN of the role to assume
SAMLAssertion (string) [required]
- base64-encoded SAML authentication response provided by the IdP
DurationSeconds (number)
- Duration of the role session; from 900 to 43200
Policy (string)
- JSON IAM policy document to use as an inline session policy
PolicyArns (array)
- ARNs of the IAM managed policies to use
Example
await aws.STS.AssumeRoleWithSAML({
  PrincipalArn: String, // required
  RoleArn: String, // required
  SAMLAssertion: String, // required
  DurationSeconds: Number,
  Policy: String,
  PolicyArns: Array,
})
AssumeRoleWithWebIdentity
Properties
RoleArn (string) [required]
- ARN of the role to assume
RoleSessionName (string) [required]
- Identifier for the assumed role session; must conform to [\w+=,.@-]*
WebIdentityToken (string) [required]
- OAuth 2.0 access token or OpenID Connect ID token provided by the IdP
DurationSeconds (number)
- Duration of the role session; from 900 to 43200
Policy (string)
- JSON IAM policy document to use as an inline session policy
PolicyArns (array)
- ARNs of the IAM managed policies to use
ProviderId (string)
- Fully qualified host of the domain name of the OAuth 2.0 IdP; do not specify this value for an OpenID Connect identity provider
Example
await aws.STS.AssumeRoleWithWebIdentity({
  RoleArn: String, // required
  RoleSessionName: String, // required
  WebIdentityToken: String, // required
  DurationSeconds: Number,
  Policy: String,
  PolicyArns: Array,
  ProviderId: String,
})
DecodeAuthorizationMessage
Properties
EncodedMessage (string) [required]
- Encoded message returned with the response
Example
await aws.STS.DecodeAuthorizationMessage({
  EncodedMessage: String, // required
})
GetAccessKeyInfo
Properties
AccessKeyId (string) [required]
- AWS access key to query
Example
await aws.STS.GetAccessKeyInfo({
  AccessKeyId: String, // required
})
GetCallerIdentity
Properties
Example
await aws.STS.GetCallerIdentity()
GetFederationToken
Properties
Name (string) [required]
- Name of the federated user
DurationSeconds (number)
- Duration of the role session; from 900 to 43200
Policy (string)
- JSON IAM policy document to use as an inline session policy
PolicyArns (array)
- ARNs of the IAM managed policies to use
Tags (array)
- Session tags; each tag is an object containing a Key and Value property
Example
await aws.STS.GetFederationToken({
  Name: String, // required
  DurationSeconds: Number,
  Policy: String,
  PolicyArns: Array,
  Tags: Array,
})
GetSessionToken
Properties
DurationSeconds (number)
- Duration of the role session; from 900 to 43200
SerialNumber (string)
- MFA device ID associated with the user making the call
TokenCode (string)
- MFA value (if required by the role’s trust policy)
Example
await aws.STS.GetSessionToken({
  DurationSeconds: Number,
  SerialNumber: String,
  TokenCode: String,
})