Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A few issues with sts_assume_role_with_web_identity #807

Closed
sluga opened this issue Jul 18, 2024 · 2 comments
Closed

A few issues with sts_assume_role_with_web_identity #807

sluga opened this issue Jul 18, 2024 · 2 comments
Labels
question 🧐❓ Further information is requested

Comments

@sluga
Copy link

sluga commented Jul 18, 2024

Hi,

I'm using sts_assume_role_with_web_identity to generate temporary credentials for S3. I managed to get it to work but encountered a few issues along the way.

  1. The function is documented but not exported, the following snippet returns an error ('sts_assume_role_with_web_identity' is not an exported object from 'namespace:paws.security.identity').
# does not work
creds <- paws.security.identity::sts_assume_role_with_web_identity(
    RoleArn          = 'my-role',
    RoleSessionName  = 'my-session',
    WebIdentityToken = 'my-token'
)
  1. I can access the non-exported version but I cannot call it directly, the error I get is Error in eval(call[[2]], envir = calling_env) : object 'paws.security.identity' not found.
# does not work
creds <- paws.security.identity:::sts_assume_role_with_web_identity(
    RoleArn          = 'my-role',
    RoleSessionName  = 'my-session',
    WebIdentityToken = 'my-token'
)

To get it to work, I first have to assign the function to another name:

# works
fun <- paws.security.identity:::sts_assume_role_with_web_identity
creds <- fun(
    RoleArn          = 'my-role',
    RoleSessionName  = 'my-session',
    WebIdentityToken = 'my-token'
)

Versions:

  • paws.security.identity_0.6.1
  • paws.common_0.7.4
@DyfanJones
Copy link
Member

Paws doesn't work like the example you have provided. First you need to create the client. In this case sts. Then you need to call the operation

library(paws)

client <- sts()

client$assume_role(
    RoleArn = 'my-role',
    RoleSessionName  = 'my-session',
    WebIdentityToken = 'my-token'
)

paws provides request syntax example in how to use the operations https://www.paws-r-sdk.com/docs/sts_assume_role/#request-syntax

The reason for the 2 stage approach has a number of reason

  • setting up the client configures the credentials of the client to talk to Aws
  • The operation only needs parameters for that operation
  • The approach is more akin to other Aws sdks allowing for better comparison

@sluga
Copy link
Author

sluga commented Jul 18, 2024

Thanks for the correction, guess I should've spent more time checking the docs :) (BTW assume_role -> assume_role_with_web_identity in your snippet)

@DyfanJones DyfanJones added the question 🧐❓ Further information is requested label Jul 19, 2024
@sluga sluga closed this as completed Jul 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question 🧐❓ Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sluga @DyfanJones