I'm trying to access AWS resources with tokens provided via OIDC-Federation using another SDK. So I have the token as a string and the ARN as a string at hand, but as far as I looked into it, it seems I can't use them directly and need to use env-variables and files instead. While it looks like it can be done with other AWS SDKs, it doesn't seem to work with the Rust SDK that way. So my question would be if there's a way to use the token and the ARN directly, presented as strings, and if not, why?
Replies: 1 comment
Why are things this way? I can't say as I don't know. It's probably just a miss on our part. What you can do is what we do, under the hood:

```rust
async fn load_credentials(
    fs: &Fs,
    sts_client: &StsClient,
    policy: Option<String>,
    policy_arns: Option<Vec<PolicyDescriptorType>>,
    token_file: impl AsRef<Path>,
    role_arn: &str,
    session_name: &str,
) -> provider::Result {
    // We read the token as a file, but you could pass it in as an argument instead.
    let token = fs
        .read_to_end(token_file)
        .await
        .map_err(CredentialsError::provider_error)?;
    let token = String::from_utf8(token).map_err(|_utf_8_error| {
        CredentialsError::unhandled("WebIdentityToken was not valid UTF-8")
    })?;
    // Then we contact STS to assume the role
    let resp = sts_client.assume_role_with_web_identity()
        .role_arn(role_arn)
        .role_session_name(session_name)
        .set_policy(policy)
        .set_policy_arns(policy_arns)
        .web_identity_token(token)
        .send()
        .await
        .map_err(|sdk_error| {
            tracing::warn!(error = %DisplayErrorContext(&sdk_error), "STS returned an error assuming web identity role");
            CredentialsError::provider_error(sdk_error)
        })?;
    // And call a function to turn the response into credentials.
    aws_sdk_sts::util::into_credentials(resp.credentials, "WebIdentityToken")
}
```

Then, provide those credentials when constructing your
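An added example (not part of the reply above and not the SDK's own code) for the case discussed here, where the token and role ARN arrive as in-memory strings: it validates the inputs before they would be handed to `assume_role_with_web_identity()` and keeps the token out of `Debug` and log output. The type and function names are hypothetical, the token is assumed to be an OIDC ID token in three-part compact JWT form, and the length and character limits are those the STS API documents for `WebIdentityToken`, `RoleArn` and `RoleSessionName`.

```rust
use std::fmt;

/// Hypothetical wrapper: the token stays in memory and Debug never prints it.
pub struct WebIdentityToken(String);

impl fmt::Debug for WebIdentityToken {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "WebIdentityToken(<redacted, {} bytes>)", self.0.len())
    }
}

impl WebIdentityToken {
    /// Accepts three non-empty base64url segments, 4..=20000 bytes in total.
    pub fn parse(raw: &str) -> Result<Self, String> {
        let t = raw.trim(); // values copied from files or env vars often end in '\n'
        if !(4..=20000).contains(&t.len()) {
            return Err("token length outside 4..=20000".into()); // never echo the token
        }
        let b64url = |s: &str| !s.is_empty()
            && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_');
        if t.split('.').count() != 3 || !t.split('.').all(b64url) {
            return Err("token is not a three-part compact JWT".into());
        }
        Ok(Self(t.to_owned()))
    }
    /// Single accessor for the raw value, so call sites are easy to audit.
    pub fn expose(&self) -> &str { &self.0 }
}

/// Checks the shape arn:<partition>:iam::<12-digit account>:role/<name>.
pub fn check_role_arn(arn: &str) -> Result<(), String> {
    let p: Vec<&str> = arn.splitn(6, ':').collect();
    let ok = p.len() == 6 && p[0] == "arn" && p[1].starts_with("aws") && p[2] == "iam"
        && p[3].is_empty() && p[4].len() == 12 && p[4].bytes().all(|b| b.is_ascii_digit())
        && p[5].starts_with("role/") && p[5].len() > 5 && arn.len() <= 2048;
    if ok { Ok(()) } else { Err(format!("not an IAM role ARN: {:?}", arn)) }
}

/// Role session name: 2..=64 characters from [A-Za-z0-9_+=,.@-].
pub fn check_session_name(name: &str) -> Result<(), String> {
    let ok = (2..=64).contains(&name.len())
        && name.bytes().all(|b| b.is_ascii_alphanumeric() || b"_+=,.@-".contains(&b));
    if ok { Ok(()) } else { Err(format!("invalid role session name: {:?}", name)) }
}

fn main() {
    // Constructed sample values, not real credentials.
    let tok = WebIdentityToken::parse("aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl\n").unwrap();
    println!("{:?} {:?}", tok, check_role_arn("arn:aws:iam::123456789012:role/example"));
}
```

Only `expose()` yields the raw token, so the call that passes it to `.web_identity_token(...)` is the one place to review.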