VM::EC2::Security::Token(3)  User Contributed Perl Documentation  VM::EC2::Security::Token(3)

NAME

       VM::EC2::Security::Token - Temporary security token object

SYNOPSIS

        use VM::EC2;
        use VM::EC2::Security::Policy;

        # under your account
        $ec2 = VM::EC2->new(...);  # as usual
        my $policy = VM::EC2::Security::Policy->new;
        $policy->allow('DescribeImages','RunInstances');
        my $token = $ec2->get_federation_token(-name     => 'TemporaryUser',
                                               -duration => 60*60*3, # 3 hrs, as seconds
                                               -policy   => $policy);
        print $token->sessionToken,"\n";
        print $token->accessKeyId,"\n";
        print $token->secretAccessKey,"\n";
        print $token->federatedUser,"\n";

        my $serialized = $token->credentials->serialize;

        # get the serialized token to the temporary user
        send_data_to_user_somehow($serialized);

        # under the temporary user's account
        my $serialized = get_data_somehow();

        # create a copy of the token from its serialized form
        my $token = VM::EC2::Security::Credentials->new_from_serialized($serialized);

        # open a new EC2 connection with this token. User will be
        # able to run all the methods specified in the policy.
        my $ec2   = VM::EC2->new(-security_token => $token);
        print $ec2->describe_images(-owner=>'self');

        # convenience routine; will return a VM::EC2 object authorized
        # to use the current token
        my $ec2   = $token->new_ec2;
        print $ec2->describe_images(-owner=>'self');

DESCRIPTION

       VM::EC2::Security::Token objects allow you to grant a user access to
       some or all of your EC2 resources for a limited period of time. The
       user does not have to have his own AWS account.

       Token objects are returned by calls to VM::EC2->get_federation_token()
       and get_session_token(). The former call is used to create a temporary
       user with privileges restricted to those listed in the accompanying
       policy (a VM::EC2::Security::Policy object). The latter call is used in
       conjunction with multi-factor authentication devices, such as smart
       cards. The tokens returned by get_session_token() are associated with
       neither a user account nor a policy, and grant privileges to all EC2
       actions and resources. Both federation and session tokens have an
       expiry time between a few seconds and 36 hours.

       A VM::EC2::Security::Credentials object contained within the token
       holds the temporary secret access key, access key ID, and a session
       token string that unlocks the access key. The credentials object can be
       serialized into a form suitable for sending to a user via a secure
       channel, such as SSL or S/MIME e-mail, and unserialized at the
       receiving end into a copy of the original credentials object.

       Either the token object or its contained credentials object can be
       passed to VM::EC2->new() via the -security_token parameter in order
       to gain access to EC2 resources.
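
       The serialized credentials described above carry the secret access
       key, so the receiving side should treat the blob like a password. The
       following is an added example, not part of VM::EC2: the helper names
       store_serialized and load_serialized, the file name, and the
       placeholder blob are hypothetical, and POSIX file permissions are
       assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Write the serialized credentials to a new file readable only by the owner.
# O_EXCL refuses to reuse or overwrite a path that already exists.
sub store_serialized {
    my ($serialized, $path) = @_;
    sysopen(my $fh, $path, O_WRONLY|O_CREAT|O_EXCL, 0600)
        or die "cannot create $path: $!";
    print {$fh} $serialized or die "write to $path failed: $!";
    close $fh or die "close of $path failed: $!";
    return $path;
}

# Read the blob back, refusing files that are not owned by the caller
# or that grant any permission to group or other.
sub load_serialized {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!";
    my @st = stat($fh) or die "cannot stat $path: $!";
    die "$path is not owned by the current user\n" unless $st[4] == $>;
    die sprintf("%s has unsafe mode %04o\n", $path, $st[2] & 07777)
        if $st[2] & 0077;
    local $/;                     # slurp the whole file
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Constructed placeholder; in real use this is $token->credentials->serialize.
my $blob = 'CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-TOKEN';
my $file = tempdir(CLEANUP => 1) . '/ec2-token';   # hypothetical location
store_serialized($blob, $file);
my $serialized = load_serialized($file);
print "round trip ok\n" if $serialized eq $blob;

# With a real blob and VM::EC2 installed, rebuild the connection as in the
# SYNOPSIS:
#   my $creds = VM::EC2::Security::Credentials->new_from_serialized($serialized);
#   my $ec2   = VM::EC2->new(-security_token => $creds);
```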

METHODS

        credentials()       -- The VM::EC2::Security::Credentials object
                               that contains the session token, access key ID,
                               and secret key.

        federatedUser()     -- The VM::EC2::Security::FederatedUser object that
                               contains information about the temporary user
                               account.

        packedPolicySize()  -- A percentage value indicating the size of the policy in
                               packed form relative to the maximum allowed size.
                               Policies in excess of 100% will be rejected by the
                               service.

        secret_access_key() -- Convenience method that calls the credentials object's
                               secret_access_key() method.

        access_key_id()     -- Convenience method that calls the credentials object's
                               access_key_id() method.

        session_token()     -- Convenience method that calls the credentials object's
                               session_token() method.

        new_ec2(@args)      -- Convenience method that returns a VM::EC2 object authorized
                               with the current token. You may pass any of the arguments
                               accepted by VM::EC2->new(), except that -access_key and
                               -secret_key will be ignored if present.

STRING OVERLOADING

       When used in a string context, this object will interpolate as the
       session token, and can be used for the -security_token parameter in
       VM::EC2->new().

SEE ALSO

       VM::EC2 VM::EC2::Generic VM::EC2::Security::Credentials
       VM::EC2::Security::FederatedUser

AUTHOR

       Lincoln Stein <lincoln.stein@gmail.com>.

       Copyright (c) 2011 Ontario Institute for Cancer Research

       This package and its accompanying libraries is free software; you can
       redistribute it and/or modify it under the terms of the GPL (either
       version 1, or at your option, any later version) or the Artistic
       License 2.0.  Refer to LICENSE for the full license text. In addition,
       please see DISCLAIMER.txt for disclaimers of warranty.

perl v5.36.0                      2023-01-20       VM::EC2::Security::Token(3)