// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
/**
* Before running this C++ code example, set up your development environment, including your credentials.
*
* For more information, see the following documentation topic:
* https://docs.aws.amazon.com/sdk-for-cpp/v1/developer-guide/getting-started.html
*
* For information on the structure of the code examples and how to build and run the examples, see
* https://docs.aws.amazon.com/sdk-for-cpp/v1/developer-guide/getting-started-code-examples.html.
*
* Purpose
*
* Demonstrate assuming an IAM role defined on an external account.
*
*/
# include <aws/s3/S3Client.h>
# include <aws/sts/STSClient.h>
# include <aws/sts/model/AssumeRoleRequest.h>
# include <aws/core/auth/AWSCredentialsProvider.h>
# include <aws/s3/model/ListBucketsResult.h>
# include <iostream>
# include "sts_samples.h"
//! Assumes an IAM role defined on an external account.
/*!
\sa assumeRole()
\param roleArn: The role Amazon Resource Name (ARN).
\param roleSessionName: A role session name.
\param externalId: An external identifier.
\param credentials: AWSCredentials instance to receive role credentials.
\param clientConfig Aws client configuration.
\return bool: true if the role was assumed and the temporary credentials were stored in 'credentials'; false otherwise.
*/
// snippet-start:[sts.cpp.assume_role]
bool AwsDoc::STS::assumeRole(const Aws::String &roleArn,
                             const Aws::String &roleSessionName,
                             const Aws::String &externalId,
                             Aws::Auth::AWSCredentials &credentials,
                             const Aws::Client::ClientConfiguration &clientConfig) {
    // Build the AssumeRole request first; the external ID is forwarded as given.
    Aws::STS::Model::AssumeRoleRequest request;
    request.SetRoleArn(roleArn);
    request.SetRoleSessionName(roleSessionName);
    request.SetExternalId(externalId);

    Aws::STS::STSClient stsClient(clientConfig);
    const auto outcome = stsClient.AssumeRole(request);

    if (!outcome.IsSuccess()) {
        // Only the service error message is reported; no credential material is written to the log.
        std::cerr << "Error assuming IAM role. " <<
                  outcome.GetError().GetMessage() << std::endl;
        return false;
    }

    std::cout << "Credentials successfully retrieved." << std::endl;

    // Aws::STS::Model::Credentials is a different type from Aws::Auth::AWSCredentials,
    // so the three fields (access key, secret key, session token) are copied across.
    // NOTE(review): the expiration that STS returns with these temporary credentials
    // is not propagated to the caller; callers that cache 'credentials' should re-assume
    // the role before it lapses.
    const Aws::STS::Model::Credentials &tempCredentials =
            outcome.GetResult().GetCredentials();
    credentials.SetAWSAccessKeyId(tempCredentials.GetAccessKeyId());
    credentials.SetAWSSecretKey(tempCredentials.GetSecretAccessKey());
    credentials.SetSessionToken(tempCredentials.GetSessionToken());
    return true;
}
// snippet-end:[sts.cpp.assume_role]
/*
*
* main function
*
* Prerequisites: An existing IAM role.
*
* Usage: 'run_assume_role <role_arn> <role_session_name>'
*
*/
# ifndef TESTING_BUILD
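int main(int argc, char **argv)
{
    if (argc != 3) {
        std::cout << "run_assume_role <role_arn> <role_session_name>"
                  << std::endl;
        return 1;
    }

    Aws::SDKOptions options;
    Aws::InitAPI(options);
    // Failures after InitAPI record an exit code instead of returning early,
    // so that ShutdownAPI always runs to pair with InitAPI.
    int exitCode = 0;
    {
        const Aws::String roleArn = argv[1];
        const Aws::String roleSessionName = argv[2];
        // Optional, but recommended. The value must match the external ID condition
        // in the role's trust policy; a real deployment uses the value agreed with the
        // role's owner rather than this sample constant.
        const Aws::String externalId = "012345";

        Aws::Auth::AWSCredentials credentials;
        Aws::Client::ClientConfiguration clientConfig;
        // Optional: Set to the AWS Region in which the bucket was created (overrides config file).
        // clientConfig.region = "us-east-1";

        if (!AwsDoc::STS::assumeRole(roleArn, roleSessionName, externalId, credentials, clientConfig)) {
            exitCode = 1;
        }
        else {
            // List the S3 buckets in the external account. Note: The assumed
            // role must grant the appropriate Amazon S3 permissions.
            Aws::S3::S3Client s3(credentials);
            const auto listOutcome = s3.ListBuckets();
            if (!listOutcome.IsSuccess()) {
                std::cerr << "Error listing S3 buckets in external account. " <<
                          listOutcome.GetError().GetMessage() << std::endl;
                exitCode = 1;
            }
            else {
                for (const auto &bucket : listOutcome.GetResult().GetBuckets()) {
                    std::cout << bucket.GetName() << std::endl;
                }
            }
        }
    }
    Aws::ShutdownAPI(options);
    return exitCode;
}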
# endif // TESTING_BUILD