1VM::EC2::Security::CredUesnetriaClosn(t3r)ibuted Perl DoVcMu:m:eEnCt2a:t:iSoencurity::Credentials(3)
2
3
4

NAME

6       VM::EC2::Security::Credentials -- Temporary security credentials for
7       EC2
8

SYNOPSIS

10        use VM::EC2;
11        use VM::EC2::Security::Policy
12
13        # under your account
14        $ec2 = VM::EC2->new(...);  # as usual
15        my $policy = VM::EC2::Security::Policy->new;
16        $policy->allow('DescribeImages','RunInstances');
17        my $token = $ec2->get_federation_token(-name     => 'TemporaryUser',
18                                               -duration => 60*60*3, # 3 hrs, as seconds
19                                               -policy   => $policy);
20        print $token->sessionToken,"\n";
21        print $token->accessKeyId,"\n";
22        print $token->secretAccessKey,"\n";
23        print $token->federatedUser,"\n";
24
25        my $serialized = $token->serialize;
26
27        # get the serialized token to the temporary user
28        send_data_to_user_somehow($serialized);
29
30        # under the temporary user's account
31        my $serialized = get_data_somehow();
32
33        # create a copy of the token from its serialized form
34        my $token = VM::EC2::Security::Credentials->new_from_serialized($serialized);
35
36        # create a copy of the token from its JSON representation (e.g. as returned
37        # from instance metadata of an instance that is assigned an IAM role
38        my $token = VM::EC2::Security::Credentials->new_from_json($json);
39
40        # open a new EC2 connection with this token. User will be
41        # able to run all the methods specified in the policy.
42        my $ec2   = VM::EC2->new(-security_token => $token);
43        print $ec2->describe_images(-owner=>'self');
44
45        # convenience routine; will return a VM::EC2 object authorized
46        # to use the current token
47        my $ec2   = $token->new_ec2;
48        print $ec2->describe_images(-owner=>'self');
49

DESCRIPTION

51       The VM::EC2::Security::Credentials object is returned by the
52       VM::EC2::Security::Token->credentials() method, which in turn is
53       generated by calls to VM::EC2->get_federation_token() and
54       VM::EC2->get_session_token(). The Credentials object contains time-
55       limited EC2 authentication information, including access key ID, secret
56       access key, and a temporary authentication session token.
57
58       A Credentials object can be passed to VM::EC2->new() via the
59       -security_token parameter, in which case the -access_key and
60       -secret_key parameters can be omitted.
61
62       As Credentials typically need to be transmitted from a process being
63       run by an AWS account holder to a process being run by another user,
64       the object provides serialization methods that allow the object to be
65       transmitted as a simple string.
66

DATA ACCESS METHODS

68        accessKeyId()          -- The temporary access key ID
69        secretAccessKey()      -- The secret access key
70        sessionToken()         -- The temporary security token, as a long
71                                     opaque string
72        expiration()           -- The expiration time of these credentials, as a
73                                     DateTime string.
74
75       As in all VM::EC2 classes, mixedCase() and
76       broken_out_with_underscores() names may be used interchangeably.
77

SERIALIZATION METHODS

79       These two methods allow you to serialize the credentials into a string
80       suitable for sending via SSL, S/MIME or another secure channel, and
81       then reconstructing the object at the other end. For sending the
82       credentials to a non-perl process, you can simply retrieve each
83       individual field (access key, etc) and send them individually.
84
85   $serialized = $credentials->serialize()
86       Return a serialized form of the object as a base64-encoded string. Note
87       that the serialized form contains the secret access key and session
88       token in unencrypted, but very slightly obfuscated, form.
89
90   $credentials =
91       VM::EC2::Security::Credentials->new_from_serialized($serialized)
92       Given a previously-serialized Credentials object, unserialize it and
93       return a copy.
94

CONVENIENCE METHODS

96       These are convenience methods.
97
98   $ec2 = $credentials->new_ec2(@args)
99       Create a new VM::EC2 object which is authorized using the security
100       token contained in the credentials object. You may pass all the
101       arguments, such as -endpoint, that are accepted by VM::EC2->new(), but
102       -access_key and -secret_access_key will be ignored.
103

STRING OVERLOADING

105       When used in a string context, this object will interpolate the
106

SEE ALSO

108       VM::EC2 VM::EC2::Generic
109

AUTHOR

111       Lincoln Stein <lincoln.stein@gmail.com>.
112
113       Copyright (c) 2011 Ontario Institute for Cancer Research
114
115       This package and its accompanying libraries is free software; you can
116       redistribute it and/or modify it under the terms of the GPL (either
117       version 1, or at your option, any later version) or the Artistic
118       License 2.0.  Refer to LICENSE for the full license text. In addition,
119       please see DISCLAIMER.txt for disclaimers of warranty.
120
121
122
123perl v5.32.1                      2021-01-27 VM::EC2::Security::Credentials(3)
Impressum