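// Listing of github.com/aavshr/aws-sdk-go@v1.41.3/service/sts/examples_test.go.

// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

// NOTE(review): this file is generated, so hand edits made here are lost on
// regeneration. Durable changes belong in the generator or the example model
// it reads.

package sts_test

import (
	"fmt"
	"strings"
	"time"

	"github.com/aavshr/aws-sdk-go/aws"
	"github.com/aavshr/aws-sdk-go/aws/awserr"
	"github.com/aavshr/aws-sdk-go/aws/session"
	"github.com/aavshr/aws-sdk-go/service/sts"
)

// Blank-identifier references keep the time, strings and aws imports in use
// even when no example in the file needs them.
var _ time.Duration
var _ strings.Reader
var _ aws.Config

// parseTime parses value according to layout and returns a pointer to the
// resulting time. It panics when value does not match layout. Nothing in this
// listing calls it.
func parseTime(layout, value string) *time.Time {
	t, err := time.Parse(layout, value)
	if err != nil {
		panic(err)
	}
	return &t
}

// To assume a role
//
// Every value in the input is a placeholder. Policy is an inline session
// policy: the session's effective permissions are the intersection of the
// role's own policies and this document, so it can only narrow access.
// ExternalId is the value a role's trust policy can require (sts:ExternalId)
// when a third party assumes a role in another account.
func ExampleSTS_AssumeRole_shared00() {
	// session.New is deprecated because it defers configuration errors to
	// the first request. NewSession reports them immediately and Must turns
	// such an error into a panic.
	svc := sts.New(session.Must(session.NewSession()))
	input := &sts.AssumeRoleInput{
		ExternalId:      aws.String("123ABC"),
		Policy:          aws.String("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}"),
		RoleArn:         aws.String("arn:aws:iam::123456789012:role/demo"),
		RoleSessionName: aws.String("testAssumeRoleSession"),
		Tags: []*sts.Tag{
			{
				Key:   aws.String("Project"),
				Value: aws.String("Unicorn"),
			},
			{
				Key:   aws.String("Team"),
				Value: aws.String("Automation"),
			},
			{
				Key:   aws.String("Cost-Center"),
				Value: aws.String("12345"),
			},
		},
		// Transitive tag keys carry over to later sessions in a role chain.
		TransitiveTagKeys: []*string{
			aws.String("Project"),
			aws.String("Cost-Center"),
		},
	}

	result, err := svc.AssumeRole(input)
	if err != nil {
		aerr, ok := err.(awserr.Error)
		if !ok {
			// Not an awserr.Error, so no Code or Message is available:
			// print the plain error text.
			fmt.Println(err.Error())
			return
		}
		switch aerr.Code() {
		case sts.ErrCodeMalformedPolicyDocumentException,
			sts.ErrCodePackedPolicyTooLargeException,
			sts.ErrCodeRegionDisabledException,
			sts.ErrCodeExpiredTokenException:
			// Error codes listed for this operation: print the code, then the error.
			fmt.Println(aerr.Code(), aerr.Error())
		default:
			fmt.Println(aerr.Error())
		}
		return
	}

	// The output carries temporary credentials (access key ID, secret access
	// key, session token). Printing it is for demonstration only; real code
	// should keep the response out of logs and stdout.
	// NOTE(review): whether this SDK version redacts any of those fields when
	// the struct is printed is not visible here - confirm before relying on it.
	fmt.Println(result)
}

// To assume a role using a SAML assertion
//
// SAMLAssertion is a truncated placeholder. A real assertion is a bearer
// credential: AssumeRoleWithSAML does not need AWS credentials to sign the
// request, so whoever holds a valid assertion can obtain the role's session.
// Keep it out of source control and logs.
func ExampleSTS_AssumeRoleWithSAML_shared00() {
	// session.New is deprecated; NewSession surfaces configuration errors up
	// front and Must panics on them.
	svc := sts.New(session.Must(session.NewSession()))
	input := &sts.AssumeRoleWithSAMLInput{
		DurationSeconds: aws.Int64(3600), // one hour
		PrincipalArn:    aws.String("arn:aws:iam::123456789012:saml-provider/SAML-test"),
		RoleArn:         aws.String("arn:aws:iam::123456789012:role/TestSaml"),
		SAMLAssertion:   aws.String("VERYLONGENCODEDASSERTIONEXAMPLExzYW1sOkF1ZGllbmNlPmJsYW5rPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50Ij5TYW1sRXhhbXBsZTwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxOS0xMS0wMVQyMDoyNTowNS4xNDVaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc2lnbmluLmF3cy5hbWF6b24uY29tL3NhbWwiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRoPD94bWwgdmpSZXNwb25zZT4="),
	}

	result, err := svc.AssumeRoleWithSAML(input)
	if err != nil {
		aerr, ok := err.(awserr.Error)
		if !ok {
			// Not an awserr.Error, so no Code or Message is available.
			fmt.Println(err.Error())
			return
		}
		switch aerr.Code() {
		case sts.ErrCodeMalformedPolicyDocumentException,
			sts.ErrCodePackedPolicyTooLargeException,
			sts.ErrCodeIDPRejectedClaimException,
			sts.ErrCodeInvalidIdentityTokenException,
			sts.ErrCodeExpiredTokenException,
			sts.ErrCodeRegionDisabledException:
			// Error codes listed for this operation: print the code, then the error.
			fmt.Println(aerr.Code(), aerr.Error())
		default:
			fmt.Println(aerr.Error())
		}
		return
	}

	// The output includes temporary credentials; printing it is for
	// demonstration only and should not be carried into production logging.
	fmt.Println(result)
}

// To assume a role as an OpenID Connect-federated user
//
// WebIdentityToken is a masked placeholder. A real token is a bearer
// credential: the request is not signed with AWS credentials, so the token
// alone authorizes the call. Policy is a session policy that can only narrow
// what the role allows.
func ExampleSTS_AssumeRoleWithWebIdentity_shared00() {
	// session.New is deprecated; NewSession surfaces configuration errors up
	// front and Must panics on them.
	svc := sts.New(session.Must(session.NewSession()))
	input := &sts.AssumeRoleWithWebIdentityInput{
		DurationSeconds: aws.Int64(3600), // one hour
		Policy:          aws.String("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}"),
		// NOTE(review): the STS API documentation describes ProviderId as
		// applying to OAuth 2.0 access tokens only and says to omit it for
		// OpenID Connect ID tokens, although the example title mentions
		// OpenID Connect - confirm which flow is intended.
		ProviderId:       aws.String("www.amazon.com"),
		RoleArn:          aws.String("arn:aws:iam::123456789012:role/FederatedWebIdentityRole"),
		RoleSessionName:  aws.String("app1"),
		WebIdentityToken: aws.String("Atza%7CIQEBLjAsAhRFiXuWpUXuRvQ9PZL3GMFcYevydwIUFAHZwXZXXXXXXXXJnrulxKDHwy87oGKPznh0D6bEQZTSCzyoCtL_8S07pLpr0zMbn6w1lfVZKNTBdDansFBmtGnIsIapjI6xKR02Yc_2bQ8LZbUXSGm6Ry6_BG7PrtLZtj_dfCTj92xNGed-CrKqjG7nPBjNIL016GGvuS5gSvPRUxWES3VYfm1wl7WTI7jn-Pcb6M-buCgHhFOzTQxod27L9CqnOLio7N3gZAGpsp6n1-AJBOCJckcyXe2c6uD0srOJeZlKUm2eTDVMf8IehDVI0r1QOnTV6KzzAI3OY87Vd_cVMQ"),
	}

	result, err := svc.AssumeRoleWithWebIdentity(input)
	if err != nil {
		aerr, ok := err.(awserr.Error)
		if !ok {
			// Not an awserr.Error, so no Code or Message is available.
			fmt.Println(err.Error())
			return
		}
		switch aerr.Code() {
		case sts.ErrCodeMalformedPolicyDocumentException,
			sts.ErrCodePackedPolicyTooLargeException,
			sts.ErrCodeIDPRejectedClaimException,
			sts.ErrCodeIDPCommunicationErrorException,
			sts.ErrCodeInvalidIdentityTokenException,
			sts.ErrCodeExpiredTokenException,
			sts.ErrCodeRegionDisabledException:
			// Error codes listed for this operation: print the code, then the error.
			fmt.Println(aerr.Code(), aerr.Error())
		default:
			fmt.Println(aerr.Error())
		}
		return
	}

	// The output includes temporary credentials; printing it is for
	// demonstration only and should not be carried into production logging.
	fmt.Println(result)
}

// To decode information about an authorization status of a request
//
// EncodedMessage is a placeholder for the encoded text returned with an
// access-denied response. The STS documentation notes that the decoded text
// can contain privileged details about the evaluated policies, so the decoded
// output deserves the same care as the policies themselves.
func ExampleSTS_DecodeAuthorizationMessage_shared00() {
	// session.New is deprecated; NewSession surfaces configuration errors up
	// front and Must panics on them.
	svc := sts.New(session.Must(session.NewSession()))
	input := &sts.DecodeAuthorizationMessageInput{
		EncodedMessage: aws.String("<encoded-message>"),
	}

	result, err := svc.DecodeAuthorizationMessage(input)
	if err != nil {
		aerr, ok := err.(awserr.Error)
		if !ok {
			// Not an awserr.Error, so no Code or Message is available.
			fmt.Println(err.Error())
			return
		}
		switch aerr.Code() {
		case sts.ErrCodeInvalidAuthorizationMessageException:
			fmt.Println(aerr.Code(), aerr.Error())
		default:
			fmt.Println(aerr.Error())
		}
		return
	}

	fmt.Println(result)
}

// To get details about a calling IAM user
//
// This example shows a request and response made with the credentials for a user named
// Alice in the AWS account 123456789012.
//
// The code itself sets no credentials: whichever identity the default session
// resolves is the one reported, which makes the call a quick check of which
// principal a set of credentials belongs to.
func ExampleSTS_GetCallerIdentity_shared00() {
	// session.New is deprecated; NewSession surfaces configuration errors up
	// front and Must panics on them.
	svc := sts.New(session.Must(session.NewSession()))
	input := &sts.GetCallerIdentityInput{}

	result, err := svc.GetCallerIdentity(input)
	if err != nil {
		// The generated example lists no operation-specific error codes, so
		// an awserr.Error and any other error are printed the same way.
		fmt.Println(err.Error())
		return
	}

	fmt.Println(result)
}

// To get details about a calling user federated with AssumeRole
//
// This example shows a request and response made with temporary credentials created
// by AssumeRole. The name of the assumed role is my-role-name, and the RoleSessionName
// is set to my-role-session-name.
//
// The code is identical to the first GetCallerIdentity example; only the
// credentials the session is expected to resolve differ.
func ExampleSTS_GetCallerIdentity_shared01() {
	// session.New is deprecated; NewSession surfaces configuration errors up
	// front and Must panics on them.
	svc := sts.New(session.Must(session.NewSession()))
	input := &sts.GetCallerIdentityInput{}

	result, err := svc.GetCallerIdentity(input)
	if err != nil {
		// No operation-specific error codes are listed for this call.
		fmt.Println(err.Error())
		return
	}

	fmt.Println(result)
}

// To get details about a calling user federated with GetFederationToken
//
// This example shows a request and response made with temporary credentials created
// by using GetFederationToken. The Name parameter is set to my-federated-user-name.
//
// The code is identical to the first GetCallerIdentity example; only the
// credentials the session is expected to resolve differ.
func ExampleSTS_GetCallerIdentity_shared02() {
	// session.New is deprecated; NewSession surfaces configuration errors up
	// front and Must panics on them.
	svc := sts.New(session.Must(session.NewSession()))
	input := &sts.GetCallerIdentityInput{}

	result, err := svc.GetCallerIdentity(input)
	if err != nil {
		// No operation-specific error codes are listed for this call.
		fmt.Println(err.Error())
		return
	}

	fmt.Println(result)
}

// To get temporary credentials for a role by using GetFederationToken
//
// All input values are placeholders. Policy is a session policy that limits
// what the federated user may do; Tags are session tags attached to the
// resulting session.
func ExampleSTS_GetFederationToken_shared00() {
	// session.New is deprecated; NewSession surfaces configuration errors up
	// front and Must panics on them.
	svc := sts.New(session.Must(session.NewSession()))
	input := &sts.GetFederationTokenInput{
		DurationSeconds: aws.Int64(3600), // one hour
		Name:            aws.String("testFedUserSession"),
		Policy:          aws.String("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}"),
		Tags: []*sts.Tag{
			{
				Key:   aws.String("Project"),
				Value: aws.String("Pegasus"),
			},
			{
				Key:   aws.String("Cost-Center"),
				Value: aws.String("98765"),
			},
		},
	}

	result, err := svc.GetFederationToken(input)
	if err != nil {
		aerr, ok := err.(awserr.Error)
		if !ok {
			// Not an awserr.Error, so no Code or Message is available.
			fmt.Println(err.Error())
			return
		}
		switch aerr.Code() {
		case sts.ErrCodeMalformedPolicyDocumentException,
			sts.ErrCodePackedPolicyTooLargeException,
			sts.ErrCodeRegionDisabledException:
			// Error codes listed for this operation: print the code, then the error.
			fmt.Println(aerr.Code(), aerr.Error())
		default:
			fmt.Println(aerr.Error())
		}
		return
	}

	// The output includes temporary credentials; printing it is for
	// demonstration only and should not be carried into production logging.
	fmt.Println(result)
}

// To get temporary credentials for an IAM user or an AWS account
//
// SerialNumber and TokenCode are placeholders for an MFA device identifier
// and its current one-time code. A real code is read from the user at run
// time and never stored in source.
func ExampleSTS_GetSessionToken_shared00() {
	// session.New is deprecated; NewSession surfaces configuration errors up
	// front and Must panics on them.
	svc := sts.New(session.Must(session.NewSession()))
	input := &sts.GetSessionTokenInput{
		DurationSeconds: aws.Int64(3600), // one hour
		SerialNumber:    aws.String("YourMFASerialNumber"),
		TokenCode:       aws.String("123456"),
	}

	result, err := svc.GetSessionToken(input)
	if err != nil {
		aerr, ok := err.(awserr.Error)
		if !ok {
			// Not an awserr.Error, so no Code or Message is available.
			fmt.Println(err.Error())
			return
		}
		switch aerr.Code() {
		case sts.ErrCodeRegionDisabledException:
			fmt.Println(aerr.Code(), aerr.Error())
		default:
			fmt.Println(aerr.Error())
		}
		return
	}

	// The output includes temporary credentials; printing it is for
	// demonstration only and should not be carried into production logging.
	fmt.Println(result)
}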