Struct WebIdentityProvider 

pub struct WebIdentityProvider {
    pub web_identity_token: Variable<Secret, CredentialsError>,
    pub role_arn: Variable<String, CredentialsError>,
    pub role_session_name: Option<Variable<Option<String>, CredentialsError>>,
    pub duration_seconds: Option<i64>,
    pub policy: Option<String>,
    pub policy_arns: Option<Vec<PolicyDescriptorType>>,
}

WebIdentityProvider using OpenID Connect bearer token to retrieve AWS IAM credentials.

See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html for more details.

Fields

web_identity_token: Variable<Secret, CredentialsError>

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

role_arn: Variable<String, CredentialsError>

The Amazon Resource Name (ARN) of the role that the caller is assuming.

role_session_name: Option<Variable<Option<String>, CredentialsError>>

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

duration_seconds: Option<i64>

The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.

policy: Option<String>

An IAM policy in JSON format that you want to use as an inline session policy.

policy_arns: Option<Vec<PolicyDescriptorType>>

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.

Implementations

impl WebIdentityProvider

pub fn new<A, B, C>( web_identity_token: A, role_arn: B, role_session_name: Option<C>, ) -> Self

where A: Into<Variable<Secret, CredentialsError>>, B: Into<Variable<String, CredentialsError>>, C: Into<Variable<Option<String>, CredentialsError>>,

Create new WebIdentityProvider by explicitly passing its configuration.

pub fn from_k8s_env() -> Self

Creat a WebIdentityProvider from the following environment variables:

• AWS_WEB_IDENTITY_TOKEN_FILE path to the web identity token file.
• AWS_ROLE_ARN ARN of the role to assume.
• AWS_ROLE_SESSION_NAME (optional) name applied to the assume-role session.

See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html for more information about how IAM Roles for Kubernetes Service Accounts works.

Trait Implementations

impl Clone for WebIdentityProvider

fn clone(&self) -> WebIdentityProvider

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for WebIdentityProvider

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl ProvideAwsCredentials for WebIdentityProvider

fn credentials<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Result<AwsCredentials, CredentialsError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

Produce a new AwsCredentials future.