-
Notifications
You must be signed in to change notification settings - Fork 597
/
Copy pathfromTemporaryCredentials.ts
58 lines (55 loc) · 2.49 KB
/
fromTemporaryCredentials.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
import type { RuntimeConfigAwsCredentialIdentityProvider } from "@aws-sdk/types";
import { fromNodeProviderChain } from "./fromNodeProviderChain";
import type { FromTemporaryCredentialsOptions } from "./fromTemporaryCredentials.base";
import { fromTemporaryCredentials as fromTemporaryCredentialsBase } from "./fromTemporaryCredentials.base";
/**
* @public
*/
export { FromTemporaryCredentialsOptions };
/**
* Creates a credential provider function that retrieves temporary credentials from STS AssumeRole API.
*
* ```javascript
* import { fromTemporaryCredentials } from "@aws-sdk/credential-providers"; // ES6 import
* // const { fromTemporaryCredentials } = require("@aws-sdk/credential-providers"); // CommonJS import
*
* const client = new FooClient({
* region,
* credentials: fromTemporaryCredentials(
* // Optional. The master credentials used to get and refresh temporary credentials from AWS STS. If skipped, it uses
* // the default credential resolved by internal STS client.
* masterCredentials: fromTemporaryCredentials({
* params: { RoleArn: "arn:aws:iam::1234567890:role/RoleA" }
* }),
* // Required. Options passed to STS AssumeRole operation.
* params: {
* // Required. ARN of role to assume.
* RoleArn: "arn:aws:iam::1234567890:role/RoleB",
* // Optional. An identifier for the assumed role session. If skipped, it generates a random session name with
* // prefix of 'aws-sdk-js-'.
* RoleSessionName: "aws-sdk-js-123",
* // Optional. The duration, in seconds, of the role session.
* DurationSeconds: 3600
* //... For more options see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
* },
* // Optional. Custom STS client configurations overriding the default ones.
* clientConfig: { region },
* // Optional. Custom STS client middleware plugin to modify the client default behavior.
* // e.g. adding custom headers.
* clientPlugins: [addFooHeadersPlugin],
* // Optional. A function that returns a promise fulfilled with an MFA token code for the provided MFA Serial code.
* // Required if `params` has `SerialNumber` config.
* mfaCodeProvider: async mfaSerial => {
* return "token"
* }
* ),
* });
* ```
*
* @public
*/
export const fromTemporaryCredentials = (
options: FromTemporaryCredentialsOptions
): RuntimeConfigAwsCredentialIdentityProvider => {
return fromTemporaryCredentialsBase(options, fromNodeProviderChain);
};