How to run an assumeRoleWithWebIdentity request without an Env? #559
Comments
I'm sorry, I made a mistake in this post: I'm looking to run the The question remains the same though: is there a way to run a
assumeRole
request without an Env
?assumeRoleWithWebIdentity
request without an Env
?
Please see the code in #602 (comment) This still uses I have initially made a newtype wrapper over AssumeRoleWithWebIdentity that overwrote the service

```haskell
let getCredentials = do
      token <- T.readFile tokenFile
      let assumeWeb = STS.assumeRoleWithWebIdentity
            roleArn sessionName token
      env <- do
        -- Ideally, we want to make an unsigned request as the whole
        -- point of web identity is that we do not have any credentials
        -- to start with. It turns out that it's fine to simply provide
        -- empty set of credentials however and AWS seems to ignore them
        -- which is exactly what we want.
        e <- AWS.newEnvWith
          (AWS.FromKeys (AWS.AccessKey mempty) (AWS.SecretKey mempty))
          (Just False)
          httpManager
        pure $! case region of
          Nothing -> e
          Just r -> e & AWS.envRegion .~ r
      m'credentials <- AWS.runResourceT . AWS.runAWS env $ do
        view STS.arwwirsCredentials <$> AWS.send assumeWeb
      case m'credentials of
        Nothing -> fail "Could not obtain credentials via web identity."
        Just c -> pure c
```
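The comment above wants an unsigned request because `AssumeRoleWithWebIdentity` is authenticated by the web identity token in the request body, not by a signature. The following is an added example, not code from this thread or from amazonka, written in Python to show the wire format: it builds that request with no signing headers and parses a constructed response. The role ARN, session name, token and key values are placeholders.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

def build_request(role_arn, session_name, token, region="us-east-1"):
    """Build (but do not send) the STS query call. No signing is involved."""
    body = urllib.parse.urlencode({
        "Action": "AssumeRoleWithWebIdentity",
        "Version": "2011-06-15",
        "RoleArn": role_arn,
        "RoleSessionName": session_name,
        "WebIdentityToken": token,  # bearer secret: keep it out of logs
    }).encode()
    # Deliberately no Authorization or X-Amz-* headers: the token is the
    # only proof of identity, so no access key is needed to bootstrap.
    return urllib.request.Request(
        f"https://sts.{region}.amazonaws.com/", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def parse_credentials(xml_text):
    """Return the Credentials fields, or fail like the Haskell code does."""
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) == "Credentials":
            return {_local(c.tag): (c.text or "").strip() for c in el}
    raise ValueError("Could not obtain credentials via web identity.")

# Constructed sample responses (not captured from AWS).
SAMPLE_OK = """<AssumeRoleWithWebIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <AssumeRoleWithWebIdentityResult>
    <Credentials>
      <AccessKeyId>ASIACONSTRUCTEDKEY</AccessKeyId>
      <SecretAccessKey>constructed-secret</SecretAccessKey>
      <SessionToken>constructed-session-token</SessionToken>
      <Expiration>2030-01-01T00:00:00Z</Expiration>
    </Credentials>
  </AssumeRoleWithWebIdentityResult>
</AssumeRoleWithWebIdentityResponse>"""
SAMPLE_ERROR = """<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <Error><Code>InvalidIdentityToken</Code></Error>
</ErrorResponse>"""

if __name__ == "__main__":
    req = build_request("arn:aws:iam::123456789012:role/example",
                        "example-session", "constructed.jwt.token")
    print(req.get_method(), req.full_url, dict(req.header_items()))
    print(sorted(parse_credentials(SAMPLE_OK)))
```

The returned `AccessKeyId`, `SecretAccessKey` and `SessionToken` are what the subsequent signed requests use, and they expire at `Expiration`.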
It might be worth eventually shoehorning a This probably would also be useful for things like bucket policies with
A new
Hi there! Thank you for these libraries, they've been super useful!
I have a question I was hoping someone might be able to help with. I've seen references in other issues from people who mention having done the same thing, so I'm pretty sure it's possible, and I'm probably overlooking something obvious.
I'd like to fetch temporary credentials using `amazonka-sts` `assumeRoleWithWebIdentity`, then use those credentials for subsequent requests to other AWS APIs. I think I understand how to create an `Env` once I have an `assumeRoleWithWebIdentity` response. What I can't figure out is how to send the `assumeRoleWithWebIdentity` request itself. I don't have credentials yet, that's what I'm running `assumeRoleWithWebIdentity` for, but it looks like the `assumeRoleWithWebIdentity` request requires an `Env` to be set up like every other amazonka request. How do I bootstrap myself?
Any help would be super appreciated!